Mod_php under apache 2.0.x leaks a critical file descriptor that can be used to takeover (hijack) the [Only registered and activated users can see links] service. Because apache [Only registered and activated users can see links] and mod_php are inter-related, I don't know if you would consider this an apache bug or a mod_php bug. I've contacted each group and they both blame each other. Personally, I don't care whose fault it is so long as it gets fixed. Enjoy IT!