Guys/Gals, Just was able to catch a 'break in attempt' on one of my webservers It was from the RIPE network in Amserdam....IP address was 86.126.41.177 they were logging in through the NAGIOS user and (trying to run) two programs (files from): brute.tgz fast.tgz Just a word of caution to double-check those servers.... dave