Welcome to the HackIIS6.com Contest!
Beginning May 2nd and running until June 8th, this server (located at ) will welcome hackers to attack it. If you are the first person to deface the Web site or capture the "hidden" document, you win an X-box! Read the contest rules for what does and doesn't constitute a successful hack. We've tried to be as realistic as possible in what constitutes a successful hack and in mimicking a basic HTML and ASP.NET web site.
For the most part, almost anything reasonable constitutes a successful attack except for a massive network denial of service (DoS) attack against the Internet Information Services (IIS) 6.0 box or its host provider. We want to test the security of Windows Server 2003, IIS, and other Microsoft applications. So, please, respect this rule of the contest so everyone can have a chance at claiming the prize.
The contest ends June 8th, and we will announce the results at Microsoft's Tech.Ed conference on June 9th.
We want this contest to test Microsoft software, and so the only third-party software we used is the host's router/firewall, which would be normal in most environments.
Why a Hacking Contest?
So why do it? There are very few places on the Internet where hackers, good and bad, can hack legally. Windows IT Pro thought the contest would be a fun way to interact with the hacker community (they realize most hackers have good intentions) and provide a practical way for readers of Windows IT Pro to learn about security (of course, the magazine will disavow all responsibility and blame me solely if the server gets hacked) <grin>.
So, welcome to the contest! Hack away. If the IIS server goes unhacked during the extended time period, it might not mean that IIS is "unhackable", but if the site does survive the contest it might convince a few people that you can implement a relatively secure Web server platform with IIS if you follow best practices and take reasonable precautions. After all, over 20 percent of the Internet relies on IIS, including some of the largest Web sites in the world.