Well, not down to server security or scripting, good ol fassioned "find the guys password and log in". One of the other admins for p8ntballer had his password stolen, fortunately the hacker didn't realise I was browsing the site (logged out) so when he defaced the homepage, I saw it right away and shut apache off before he could do anymore. Sneaky little **** though. Fortunately the damage was contained from being too bad, I have nightly backups so at worst I will just restore from 24 hours ago, there is however, some items which will never be able to be recovered. Oh well, even the best of us!