There is a patch for PHP on http://www.php.net that PHP users should investigate. >From my reading, file upload functions can be used to execute arbitrary code. If you are installing PHP on an external box, you should be switching off functions you are not using, things like system and file functions. There's a lot of good material on the PHP site. Antti