[]I discoverd the source, and it was older versions of photopost that were installed on a variety of boxes, a remote file inclusion exploit with the zipndownload.php script. If you're running photopost 4.6 or earlier, delete that file. <img src="https://www.ubbcentral.com/boards/images/graemlins/tongue.gif" alt="" /> [/]What is photopost? Nothing to do with UBB, but something that resides on the server, I presume? We were just hacked and I'd like to let your web host know about this.