Michael Peters wrote: > Did you restart Apache in this testing? I'd suspect something caching > the php code before I'd suspect a compromised binary. > Yes. I recall that restarting Apache was part of the process. Mark