Hello: A website that I administer for a friend of mine was hacked by a Turkish hacker script kiddy named MathLess :ahole: . The site is back up with out too much trouble; he just played around in the CMS--PHPNuke. He was not smart enough to hack the server itelf. After looking through my logs, I see that they did a yahoo search for phpnuke sites from canada, and used a ready exploit to hack the site. I found this line in the logs: 184.108.40.206 - - [22/Jul/2006:17:59:24 -0400] "GET /index.php HTTP/1.1" 200 2645 www.mikemouse.ca "http://www.ayyildiz.org/board/showthread.php?p=90452#post90452" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mailinfo [337103,337117]; .NET CLR 1.1.4322)" "-" where it appears he was posting the url to a hacker forum. Googling for the phrases in his attack: Ayt Tim, MathLess, AYYILDIZ-TiM, AYT TiM TuRKeY etc gives numerous hits of sites that have been hacked, all PHPnuke sites...this fellow only has one arrow in his quiver So far I have: 1.) Repoted the hacker to his ISP 2.) Reported him to imageshack, who hosted his image...now removed, thanks imageshack! 3.) Reported the hacker forum, www.ayyildiz.org, to Godaddy, its registrar To prevent further attacks, I have: 1.) Removed the admin.php file from my server, (I FTP it when needed) 2.) Trashed my Gallery2 install, and replaced with static pages. (Not related to the attack, but I am wary of its liability...one of the folders had to be 777, and that worried me. Is there anything else that I can do ? Either in working on the hacker or in preventing further attacks? Any help would be appreciated!