F.Y.I:
I just discovered that some spammer used my upload script to upload sendmail and a script that he then used to send spam. Fortunately, I keep upload scripts on a separate shared server and the problem is already fixed but what is interesting is that he found me through Yahoo, searching for upload.php3. I did the same search and found a large number of similar upload scripts wide open to a file upload attack.
If you allow uploads to your server, I suggest that at least, you should rename the script. Very simple security measures are to change uploaded file names and immediately copy them to a folder outside of your web site. If somebody has suggestions on more security measures, I would love to hear them.
