Seems that some kiddies are still using some old exploits to deface websites. In the last 2 days i have noticed lots of logs from defacing attempts that are logged by my daily stat plugin.
Seems that attackers are looking for an osCommerce bug found on Nov 2010 that allow attacker to upload files on remote server.
For those interested here is the bug and the fix.
Edit this file
/admin/includes/application_top.php
Find this line :
$current_page = basename($PHP_SELF);
Replace with :
$current_page = basename($_SERVER['SCRIPT_NAME']);
More about this here : http://addons.oscommerce.com/info/8003