People seem to be going through great efforts to counter something that isn't all that uncommon. Sometimes the simplest things are left out of the discussion. Why hasn't anybody said anything about disableing root logons via ssh? (isn't this pretty much standard proceedure to public systems?) They can do scripts like this on my systems all day long for all I care, none of those accounts were specified by me to have shell access in sshd_conf. There isn't a password they can hack. It just looks like there is. -Michael