I had another site of mine hacked by this (probably) bot. Looking over the log files, I think a php module vulnerability in xmlrpc is the likely culprit. see this link: http://phpxmlrpc.sourceforge.net/#security regards, William