phpinfo(). Trying to brute force servers is dumb… especially while leaving your phpinfo() online. Wouldn’t have gotten into these systems using those defaults but I still sleep safer at night with an active response IDS. /wave @ probably compromised box.