Hi Guys, I found a shell (c99) on one of our servers recently and thought i'd have a bit of a poke around with it before deleting it this time. All our sites run with suphp on this server. This file was uploaded via FTP so it's not the suphp's fault; however I was quite alarmed to see that I can browse most of the file system of the server from this shell (eg I can view /etc/passwd) however if I change the site to use mod_php, then I can't browse to these directories. I thought the point in suphp was that it wouldn't allow any files to be opened not owned by the webx/clientx user/group. Is this a config error on this server or have I misunderstood something? Examples available if you'd like to see. Cheers.