One more hint to all: If you are hosting PHP scripts for other people, or simply have too many to comb through on your own server(s), grep your mail server log for "jrubin3546 at". If you see any results, cross-reference that time with your web logs to locate the exploitable script.

~Rolan
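The correlation described in the post above, as an added example that is not part of the original post: it finds mail log lines containing the marker and lists the PHP requests logged within a short window of each hit. Assumptions: Postfix-style syslog lines, Apache common log format, both logs in the same time zone, a marker of `jrubin3546@` (reading the archive's " at " as "@"), and constructed sample lines using the placeholder domain `example.invalid`.

```python
import re
from datetime import datetime, timedelta

MARKER = "jrubin3546@"  # assumption: the archive's " at " stands for "@"

# Constructed sample data (not real logs); example.invalid is a placeholder domain.
MAIL_LOG = """\
Mar  4 10:15:32 mx1 postfix/smtp[2211]: 4F2A1: to=<jrubin3546@example.invalid>, relay=none, status=sent
Mar  4 10:40:02 mx1 postfix/smtp[2214]: 4F2B7: to=<alice@example.invalid>, relay=none, status=sent
"""
ACCESS_LOG = """\
198.51.100.9 - - [04/Mar/2005:10:02:11 +0000] "GET /index.php HTTP/1.0" 200 1832
203.0.113.7 - - [04/Mar/2005:10:15:30 +0000] "POST /site-a/contact.php HTTP/1.0" 200 512
198.51.100.9 - - [04/Mar/2005:10:15:31 +0000] "GET /images/logo.png HTTP/1.0" 200 4096
203.0.113.7 - - [04/Mar/2005:10:39:58 +0000] "POST /site-b/guestbook.php HTTP/1.0" 200 300
"""

# client IP, timestamp without the UTC offset, method, request path
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]+\] "(\S+) (\S+)')

def mail_hits(mail_log, marker, year):
    """Timestamps of mail log lines containing the marker (syslog omits the year)."""
    hits = []
    for line in mail_log.splitlines():
        if marker in line:
            hits.append(datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S"))
    return hits

def suspects(access_log, hits, window=timedelta(seconds=30)):
    """PHP requests logged within `window` of any marker hit."""
    out = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S")
        if ".php" in path and any(abs(when - h) <= window for h in hits):
            out.append((ts, ip, method, path))
    return out

if __name__ == "__main__":
    for row in suspects(ACCESS_LOG, mail_hits(MAIL_LOG, MARKER, 2005)):
        print(*row)
```

On a shared host, run it per virtual host log and widen the window if the mail queue delays delivery.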