Might not be part of the solution, just throwing out something I found. If you hate technical reading then delete this now. For those that know about servers and programming, I found a technical article that was interesting. Run a google search on CGI Vulnerabilities First link should be a four page article by Aleksandar Stancin - for Help Net Security Page 3 had "By using a cgi scanner you can safely find out by yourself for any insecure CGI's on your system." Back to page 2, "In order for an attacker to find an vulnerable CGI, all he has to do is to connect to port 80 and repeatedly send a GET request to CGI's on the server or suspecting they are on the server. Simply by checking your logs for repeated GET requests from a single remote host resulting in a 404, the 'file not found' error can give you an idea that something wicked is going on. As time passes, that same attacker may come up with an unsecure CGI on your system. If that is the case, he'll most probably try to exploit the vulnerability." Maybe something the hosting companies need to glance at. Michael Andrews, ASC Minnesota