Hello, This is what was in my log this morning. I checked the access log and It is in there. Here it is: "POST /?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP/1.1" 302 503 "-" "Mozilla/5.0" Is there a way of determining if the Server has been compromised? Thanks. ############################ To unsubscribe from the LSTSRV-L list: write to: mailto:[log in to unmask] or click the following link: http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1