In case you don't monitor CERT -- PHP file uploads have some flaws in many releases previous to 4.1.1. Fixes are available in 4.1.2 and 4.2-dev. http://www.internetnews.com/dev-news/article/0,,10_982841,00.html