Check your IIS logs (hope you have them turned on.) They time/date/IP stamp
every request.
The perpetrator probably wanted to see their work. :)
Mine are in \winnt\system32\logfiles.
You can see where they are by going to the ISM:WWW:Logging.
Kevin
---------------------------------------------
Kevin C. Miller, CEO
FreshWater, Inc.
Custom Software Design