Windows 2003 Server Hacker

How can we get rid of a hacker?

Chris_H

10:26 am on Feb 13, 2006 (gmt 0)

10+ Year Member



We are experiencing constant problems with a hacker who is able to create a user on our Windows 2003 Server via some kind of backdoor.

We're all scratching our heads how we can block this guy for good. We've got dedicated hosting and our provider hasn't been any help to us at all.

Can anyone recommend what course of action we can take? This hacker is not malicious, but he's chewing up our bandwidth and we don't want anyone doing this to us. Any advice from anyone?

phantombookman

12:20 pm on Feb 13, 2006 (gmt 0)

10+ Year Member



Join the club, happened to me yesterday.
Everyone here will say it's because it's Windows, but the guys who did me are all over the net taking sites irrespective of server.

Over 21,000 matches in Google!

txbakers

12:42 pm on Feb 13, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This is not a good thing to read first thing in the morning before coffee.

Tell us more details please. I'm just getting ready to switch over to W2003 and now I'm not so sure.

Chris_H

12:50 pm on Feb 13, 2006 (gmt 0)

10+ Year Member



At the moment we can't give you any more information about the hacker apart from he's Chinese and is active from a hacker competition site.

We first found out about him a couple of weeks ago, whereby we rebuilt the server from scratch, new O/S, passwords etc, but within hours of being up and running he was back in again.

We've run open port scans, virus checking, patched 2003 server, yet he's still able to get in and create a user for himself.

We're pulling our hair out!

phantombookman

1:02 pm on Feb 13, 2006 (gmt 0)

10+ Year Member



I've had a defacer from Brazil and now someone with a political agenda from Turkey.

I feel I now have to check every site every day.
What really worries me is if someone malicious decides to do this, they can literally take you offline.

What also if people do it subtly, i.e. insert links etc. on deep-rooted pages, they may never be noticed.

TX, my hosts are currently changing to 2003; half of my sites are migrated, and from what I see it makes very little difference.
The only feedback I can get (because of security issues ha ha) is a confirmation that it was not a password problem at my end!

tomasz

2:44 pm on Feb 13, 2006 (gmt 0)

10+ Year Member



I am just curious, what port do you have opened?

aspdaddy

7:27 pm on Feb 13, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Give your admin account a complex username and set up a VPN for remote access. Maybe look into changing hosts if this wasn't done already.

mrMister

8:59 am on Feb 14, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"Tell us more details please. I'm just getting ready to switch over to W2003 and now I'm not so sure."

Win2003 is the most secure-by-default and reliable Windows Server OS by far. Patch the server before connecting it to the network, lock it down, use secure passwords, and be very careful about which 3rd-party software you install (beware of forum software written by bedroom coders, etc.).