I just got this email from my website, powweb : "Hello, We have noticed that the script /amember/plugins/payment/beanstream/bmail.php is being used for spamming on our server. So we have suspended CGI for your account. Please correct or remove the script and then get back to us so that we can enable CGI for your account. If you have any further questions, please don't hesitate to contact us. We are available 24x7." It was possibly my fault for not upgrading to 3.09 from 3.08, but since I'm not processing through Paypal, I never saw the need. I did the upgrade to 3.09, and entirely removed the /beamstream/ folder, as I'm not processing through them. I guess this post is just a heads-up to everybody, but I also have a question. Is the script still vulnerable for spamming through the various other payment processors ??