Hi all, I wanted to let everyone know in BHW about the last two days (today and yesterday). I'm with an excellent webhost (servint) and they have a ticketing support system, well out of the blue yesterday I received an email about an 'admin issue' so I logged in and read that a report had been made about a phishing site was running from one of my domains, I checked it out and sure enough there were the files and folders and I could see in my logs victims had been visiting from emails to these files. I quickly deleted them and made the support team know that I wasn't involved in this and helped them where I could. Earlier today all my domains started acting up out of the blue, I made support aware of it then this evening I received another admin email, stating that another phishing attempt was running on the same domain as before. I checked and there were files for more than one phishing site in my domain. I have password protected my root folder so anyone visiting my site will see a request for username/password. I'm being told that it is related to not updating my wordpress installation to 3.01 It was already updated to 3.0 but not the very latest one. I'm sure there are people out there looking for vulnerable wordpress installs and I know many BHWers use Wordpress so I wanted to share this with you, as it is a real threat. I'm not so worried because I've already given a months notice with this host and already planned on shutting my sites down in 3 days time. My domains will be used for email redirection and domain redirection only from my domain provider so there will be no site to phish from. Hope this message helps prevent this happening to at least one of you. All the best. P.