My ISP runs a program called CGI-Wrap. It allows me to have my CGI directory set to 705 or similar. Not allowing anyone browsing the server dirsctories access to my CGI. The CGI-Wrap makes the directory act like the permissions are world writeable/executable without the risk of actually being 777. I don't know your server situation, but maybe you can get a Wrap setup for your CGI directory. Anyway... good luck. I've been hacked/deleted before and I know your pain. Hang in there.