I see a lot of NT sites getting hacked, check any of the defaced lists like www.attrition.org and you can see NT is leading the OS's as far as what OS gets hacked most.
Why you ask? Well NT allows the clueless to get a web server up and running faster and easier than any other OS except perhaps for Mac. But Mac isn't as popular because it requires special hardware.
So how hard is it to find these sites that the clueless have setup. Well simple, use a search engine like this
When you setup an NT server, NEVER take the default paths, NEVER allow it to setup any of the default "sample" sites, NEVER let it do anything in the standard way. After it's setup, delete the default site and create a new one, delete all the sample stuff that it installs, change as much as you can possibly change so that it is a NON-STANDARD configuration.
It is no that hard to make NT a lot more difficult to hack. Nothing is hackproof but you can easily make it much tougher to break one of your webservers. Here is one of the many documents on how to harden NT. (it's in pdf format)
Note to Microsoft, DO SOMETHING ABOUT THIS NONSENSE!!! I'm getting really pissed that my favorite OS is getting a reputation for being easy to hack because of your stupid default selections and insistence on installing sample crap. Get with the program guys, recognize this for what it is and fix it.
--------------
why does this make NT easy to hack?
It means that IIS was installed with all the default samples, including the default databases that allow hacks like the MDAC hack to operate. It also means the admin pages are exactly where you would expect to find them and that the directory structure is probably standard so the unicode exploits should work fine as well.But by far the worst part is that you can easily use a search engine to find hundreds of sites that have this default configuration making it very easy to deface large numbers of websites in a short period and with minimal effort.
This could easily be fixed by MS simply changing the default configuration of IIS to be safe instead of installing all the sample garbage. They could also have it popup a warning about accepting the default paths and such so that Admins who don't think about security stop and think for a moment during the setup process.
It would take minimal effort on the part of MS to make NT/IIS a whole lot more secure. The part that really annoys me the most is when you see the results of this, take a look at the graphs at http://www.attrition.org/mirror/attrition/os-graphs.html#OSTOT2 and you'll see what I mean. All these could be completely avoided if the default setup forced some simple security practices on the admins or at least made them think about it during the setup process.