Thanks, Alex. I believe the site owner will be contacting Gossamer about having them do an upgrade among other things. I discovered the other day that they had added another username and I deleted it. Viewing the logs, I found that they had been trying to access using the username "admin" (there is no username admin) for a few months prior to actually getting through. At least that's the way it looked since different files are used when the Admin is actually accessed. Those files showed up in the logs later - that's when I think they finally found a way to break in. Very disconcerting. I don't understand how they can access the site via a username that doesn't exist. Anyway, after they got in they created a different username. I deleted it the other day before adjusting the .htaccess file to only allow 2 IP address for the admin directory.

All in a day's work, I suppose but I really hate people that do such things.

Nadine