Philippine Air Force Site hacked

The picture above was of the hacked site that was posted on (my favorite philippine counterpart to

How can we help the sysad of What can we figure out about this? Let me start by stating some of the obvious:

1. The site is running on Windows 2003 and hosted by IPG (PLDT) with IP address of
2. The hackers are EscMan, Lyscanh, icekiller, solidnuts,Venoxvx, and Xgen…So they are probably a hacking clan/team. Where are they based? probably Brazil.
3. They have a vulnerability scanning tool called xroot.
4. They are found in Irc.GigaChaT, main channel

So the questions here are:

1. Was the windows 2003 properly patched?
2. Was the windows 2003 server protected with a good anti virus package?
3. What did the weblogs and eventlogs show? (if the PAF sysad can share snippets with us…it would help identify the vulnerability)