Hi David. Was your sysadmin saying that the hacker required root access? If that's the case, then no. It allowed them access to anything the webserver could write to. At that point on some servers they uploaded a pwned or bindz script that could be started . I still haven't been able to get my hands on either of these scripts to see what they actually do.