Re: [NTISP] Can anyone shed any light?

Adam Greene ( (no email) )
Fri, 10 Dec 1999 09:53:33 -0500

Hi Mark,

Sorry to hear about your difficulties. Microsoft has a site which references
all of the security issues with their products, including IIS 4.0:

Hope it helps,

-----Original Message-----
From: Mark Muldowney <>
To: <>
Date: Wednesday, December 08, 1999 12:03 PM
Subject: [NTISP] Can anyone shed any light?

>Hello list!
>well... my worst fears became reality this weekend.
>A government web site that we host was hacked by an American hacker
>going by the handle of "Sarin". He "0w3ned" the machine for 3 hours
>by replacing the default.htm until i was alerted and could put things
>back in order. This was on a NT4.0 server running IIS4.0 and cold fusion
>with SP4.0 and the latest hotfixes applied. I thought i had it pretty
>but obviously not. We were very pleased to get the government contract as we
>are only a relatively small ISP, now it looks like we may lose the contract
>and be sued as well. The last few days ive gone out of mind trying to fathom
>how he did it. I seem to remember an exploit that was mentions a few months
>ago involving, i believe, isapi filters which gave access to the webroot
>and allowed uploads to the directory, but I've not as yet been able to find
>any information on this. If anybody could offer any advice or help i would
>really appreciate it as it looks as though my job is on the line.
>Ive included these links Ive found to other sarin hacks.

For more information about this list (including removal) go to: