Sorry Vulcan, to make my post more clearer. I was trying to get to your main page, not the forum, to get a snapshot to add your site to the video I'm working on. You are the only one left. There is no rush, just let me know when I can get to it for a snap of it.

It's accessing the main page where I get the challenge response for authentication.

Main page is IIS. Forum is Apache. Apache, the port 99, is not effected by this at all. It's IIS that's fudging up. Nobody can access / on the server. Sometimes the browser will cache this and won't present the auth challenge again, sometimes it won't and we'll be asked to enter a username/password. Result is the same.

kk Thrawn, I will look into it then and fix it.

Okay it is fixed now Thrawn, try it now. When we did all the security fixes it changed the permission of the website. now it is fixed

It worked. Thank you very much. I now have a complete list of sites and will put the video together tomorrow. I hope it will be to all the SysOp's liking. It will show their main page and URL, and the idea is to get the sites distributed out to the public to draw in a playerbase.

For all those who run servers out on the internet, you MUST make your server's secure.

Here is how:

If you install Windows, you have an account named Administrator. Well, know that i know the userId, i can sit and pound on your machine all day long trying to crack the password. This is what was happening to Vulcan's Forge. What i did it I set up user accounts for all users with administrator group rights and then I renamed the Administrator account so that the hacker now needs 2 pieces of information which makes it much harder since the username is now random to them.

I also disabled all open user accounts and shut down any non-used public services. I guess the IIS account was linked to the Administrator account somehow. It should not have been and Vulcan fixed it.

You can see if you are being attacked by viewing the Security section of the Event Viewer.
earth.

There is a lockdown tool for IIS 6.0. 

Here is the link to the tool

Cernnunos

My server already has that tool, part of it, the tool is for if you upgrade from another IIS version to 6.0 My server came with 6.0 and the tool already installed.

But thanks for the info, cause someone may need it as well Good work there.

Yes we had to do the same thing last summer when Alien Base was being hacked.  They never got in but they sure spammed it
River Rat

Good point Earth. Most people don't disable guest account, and leave Administrator as is. That just invites headaches down the road. Keeping services open that don't need to be also invites trouble. Also a good idea to create a backup Admin account, in case you forget the original one. Otherwise you may have to redo the entire OS.