I've been trying to use a PHP block that contains some CURL code to grab a pic and show it in the sidebar. I'm hosted at Dreamhost and I have mod_security (Dreamhost calls it 'Extra Web Security') activated on my domain. So, when I tried to create a PHP block that contained codewords that mod_security found offensive I was prevented from saving the block. No problem, said the newbie. I updated the body field in {block} to the CURL code I wanted in the block. Here is the big uhh-ohh I discovered while doing this. I was trying to use this php code in a block that was on every page. When I updated the block in the database I used the wrong URL, which is in my drupal path. I said http://www.example.com/gallery/blah when I meant to say http://www.example.com/gallery2/blah. So when I loaded the homepage for the first time, the block tried to load, but the block was trying to load the wrong URL (the URL I manually updated in the database. Drupal was intercepting the wrong URL and trying to load the 'Page not found' which of course included the offending block, which tried to load the wrong URL, which tried to load the 'Page not found' page which contained the block with the bad URL ... ad infinitum. So, in essence, I had denial of serviced myself. I couldn't get to my website at ALL for about 20 minutes. Once I could get back into my database (my ssh was DOSed as well) I reset the block. Being curious I did it all again while running top through another ssh connection. When I did it all again I saw 80 or so php5 processes in my user space before the top'ed connection DOSed itself. I'm assuming Dreamhost finally killed something. There is probably a moral to this story. Something like 'try php chunks of code in a page before adding them to a block that can get loaded on every page.' Especially is you're on shared hosting :) Here's hoping you don't do what I did :) -- Proud member of the KEXP cubicle army. http://www.cubiclearmy.com