Matthew T. O'Connor wrote: > > Is this a know problem? Have others seen it? What can I do to help > prevent this? > PHP is a likely suspect. Do you have globals off? It can be difficult to find the culprit, hit the logs, look at hacker file creation dates.. try to match the creation time to something done within a script in the logs. Photo Galleries and any script which allows uploads should be the first suspects. And yes, as mentioned, AWstats did have an issue, but it is a pretty old version at this point... still something to look at. Of course, files uploaded via PHP are owned by Apache or the Apache username assigned. Best, John Hinton