Bitten by awstats - update to 6.4!
This morning one of my servers was attacked via awstats, which in versions before 6.4 has several known vulnerabilities.
In our case, the attacker could execute commands under the web server's identity, not nice.
So, if you're using awstats, upgrade to 6.4, or in a pinch disable the web access until you upgrade.
And...stats should never be openly accessible, I know this better now ;-)