Joe... The first thing you need to do is find out how they got in. It might not even be Apache that let them in. It might have been a canned Perl Script, BIND, NFS, Sendmail, or even Cron. Once you figure that out - then you can evaluate how you take care of the box. The biggest recommendation I can give if you are admining a box, is to subscribe to a security mailing list for the OS's you manage - the best are located here: http://www.securityfocus.com/ They have a ton of OS and hack specific mailing lists that you can monitor for exploits that are being attempted. Also sign up for the CERT alerts here: http://www.cert.org/contact_cert/certmaillist.html Lastly, if you manage NT/2K, get on this list: http://www.microsoft.com/technet/security/notify.asp --- Anthony Baratta President Keyboard Jockeys