Arno: If you can request that file using a web browser, and it gets executed as PHP on your server then there is an error in the Apache configuration. Easy test: create a file in a text editor containing some PHP (<?php phpinfo(); ?> would be enough) and upload it to the www root of your site and name it test.pgif. Then hit http://www.yourdomain.com/test.pgif in your browser. If you see the PHP code or an error then you're fine. If you see PHP's info page then you need to change web host as quickly as possible. I don't care if they fix it - the fact their server was configured to do this by default is enough for me to never trust them again. -Stuart -- Thanks Stuart. I just tried it now, test.php.pgif displayed the info while test.xyz.pgif returned the content, confirming the problem. My service provider finally conceded the problem is on their side and are looking for an urgent fix, much too complicated to consider moving service providers in the short term. As a side note, the sp said the issue is new and coincided with an upgrade to fastcgi recently, I wonder if the hacker was exploiting a known issue with that scenario? Cheers Arno -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
