> * The attacker is changing our .htaccess. Are you sure that the attacker does not have shell access? Can you find logs of SSH connections, console logins, or shell histories? -- # Alan Porter