Here's whats up.... This happened to us in February... the hackers used a security hole in phpBB2. I had to replace the index files for 120 sites from our nightly backup. After updating to the latest PHP and additional packages, the server is safe again. You should have a look through your Apache log files. Search for "system(chr(101)" or "echr". Usually these kind of requests indicate an attack. You might want to secure your server using something like mod_security: http://www.modsecurity.org Mike