I posted a bit ago about a hack into my server as it turns out they guessed a ftp account password - I just deleted the account in ispconfig. but they uploaded a malicious obfuscated file to the root directory of the web account - and then were able to execute it. I thought pureftpd would have its default upload directory to be non-executable? seems to be a problem to upload into the root of the website and then whatever.com/mymalicious.php runs whatever! I have the file attached (mdbx.zip) in case anyone can de-obfuscate it I'm curious as to WHAT IT WAS DOING!! and what else I need to be concerned about A second question - how can I set a default site served to the ip address? I dont see any of the vhosts with a _default_ directive. how can I find out what vhost is served to the ip address - what does 74.xxx.yyy.zzz resolve to? and how to point it to a place that I want it to serve? thanks all!