The plot thickens, as they say. There is no evidence of multiple attempts to get in via ftp. The userid was not something that would be easily guessed, can't comment on the password as I don't know what it was. The user and password would appear to have been obtained and used. From communications with the account holder, it would appear, though unconfirmed at this stage, that someone who had legitimate access to the site, *MAY* have done something they would prefer not to admit to. I am guessing a case of social engineering or similar. So in this case, the protocol used may be irrelevant. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Glen and Rosanne Eustace GodZone Internet Services, a division of AGRE Enterprises Ltd. P.O. Box 8020, Palmerston North, New Zealand 4446. Ph: +64 6 357 8168, Fax +64 6 357 8165, Mob: +64 21 424 015 http://www.godzone.net.nz "A Ministry specialising in providing low-cost Internet Services to NZ Christian Churches, Ministries and Organisations."