Recycle Bin Has been Hacked!
Posted on 2004-08-03
I am embarrassed to say that someone has hacked my server. The server OS is Win2k and it is running IIS 5.0, SQL 7.0, Serv-U 3.0, and BlackIce Firewall. The server has all patches applied on a regular basis; however, the IIS lockdown tool has not been run on this server. The problem is that there is about 15GB worth of warez in the Recycler folder with the following directory structure: aux - lol - 06 - all - off - lamer - com1 - und - stealer - prn. I have checked all user permissions in SERV-U and none of them have access to anything but the appropriate folders. I have locked down all ports in the firewall except 20, 21, 80, and 443. Where should I start to close the vulnerability in this system? Are there any security tools that could help to diagnose security openings?
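
Added example, not part of the original post: three of the directory names listed above (aux, com1, prn) are names Windows reserves for DOS devices, which is why ordinary file tools have trouble opening or deleting such folders. The Python sketch below flags paths in a directory listing that contain such components; the drive letter, the nesting of the folders and the sample listing are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Names Windows reserves for DOS devices. Directories with these names
# are a common marker of hidden drop folders on a compromised server.
RESERVED = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


def reserved_components(path):
    """Return the components of a Windows path that are reserved device names."""
    p = PureWindowsPath(path)
    # Skip the drive/root anchor ("D:\\") when the path has one.
    parts = p.parts[1:] if p.anchor else p.parts
    hits = []
    for part in parts:
        # Windows ignores an extension and trailing spaces on these names,
        # so "aux.txt" and "prn " refer to the same devices.
        stem = part.split(".", 1)[0].rstrip(" ").upper()
        if stem in RESERVED:
            hits.append(part)
    return hits


def triage(listing):
    """Map each suspicious path in a listing to its reserved components."""
    return {p: r for p in listing if (r := reserved_components(p))}


# Constructed sample listing (e.g. saved output of a recursive directory dump).
SAMPLE_LISTING = [
    r"D:\RECYCLER\aux\lol\06\all\off\lamer\com1\und\stealer\prn",
    r"D:\RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-500\INFO2",
    r"D:\Inetpub\wwwroot\default.asp",
    r"D:\ftproot\incoming\lpt1.bak\readme.txt",
]

if __name__ == "__main__":
    for path, hits in triage(SAMPLE_LISTING).items():
        print(f"{path}\n    reserved components: {', '.join(hits)}")
```
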