thanks so much for response Jim. My biggest problem is i was bought onto this website a year after it was developed and there is no telling what the orginal web guy has going on. I know its a hack for sure becuase how things happen, i can lock the reload the htpasswd file with new encryptions and everything work fine and then maybe days later the site is back open. its like maybe someone is logging in every now and then and once they see i have reloaded the htpasswd they do whatever it is they do, im just so lost on where to look being that i really didnt develop the backend at all. was hired as frontend designer, have explained to the client the only real way to get this taken care of is to start from scratch and letme redo everything, front and back.