acutally, using miva to pull a db dump is a syupid way to do it. yup the db will have a record of who uploaded the file, so that 3dc can get him/her for thier actions, if they choose to do so. most dynamic scripting laguages can pull a db dump easily enough, specially with ssi enabled, which is required for dynamic scripts. on a server I'm running I would have some sever lockouts in place, besides stripping illegal coding from uploads. and by limiting the scripting language options on the server to one you make it harder for illegal scripts to get through. with high security on a unix/linix box, each person (site) would have a specific login that would give them specific, limited access, with md5 passwords and shadow passwords enabled, a password could conceivably be 256 characters long, and kept in a folder not accesable by anyone browsing to the server...specially when that security level required a password to be changed every month, unless overridden by the root user (system admin for non unix people) about a year ago someone was attempting to hack renderotica through miva. wonder if this is in any way related. wish the db dump(legally obtained even was given access to the db by DSI) from rotica hadn't been lost in a crash..had the hacker's ip in it.