07-07-2007, 12:20 PM
So fuckin' bored
Join Date: Jun 2003
Posts: 32,391
Quote:
Originally Posted by quantum-x
The code basically executes $_SERVER['HTTP_HOST'] [usually the name of your server] as a PHP command, then dies.
It's definitely odd, as normally HTTP_HOST has your domain name in it - so executing that as PHP won't do dick - unless someone has already injected another value into it, or register_globals is on and you're getting fucked with.
|
You're wrong. Read this: http://ez.no/layout/set/printarticle...f_csrf_and_xss
__________________
Obey the Cowgod
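
An added example, not part of either post: a Python triage scan for the pattern the quoted post describes, PHP that hands `$_SERVER['HTTP_HOST']` or another request-supplied value to `eval`. The Host header is supplied by the client; the function names, the one-step variable tracking and the sample file are assumptions constructed for illustration.

```python
import re

# Request-controlled PHP values: the Host header and other HTTP_* entries are
# copied from the client's request, like $_GET/$_POST/$_COOKIE.
SOURCE = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST)\b"
                    r"|\$_SERVER\s*\[\s*['\"]HTTP_\w+['\"]\s*\]")
# Constructs that run a string as PHP code (assert and create_function only
# do so in older PHP versions).
SINK = re.compile(r"\b(?:eval|assert|create_function)\s*\(", re.I)
ASSIGN = re.compile(r"(\$\w+)\s*\.?=(?![=>])(.*)", re.S)
VAR = re.compile(r"\$\w+")

def is_tainted(expr, tainted):
    """True if expr reads a request value or a variable derived from one."""
    return bool(SOURCE.search(expr)) or any(v in tainted for v in VAR.findall(expr))

def find_request_eval(php_source):
    """Return [(line_number, statement)] where request data reaches a code sink.

    Heuristic triage only: statements are split on ';', so strings containing
    ';' and data flowing through functions or includes are not modelled.
    """
    tainted, hits = set(), []
    for stmt in re.finditer(r"[^;]+;?", php_source):
        text = stmt.group()
        sink = SINK.search(text)
        if sink and is_tainted(text[sink.end():], tainted):
            line = php_source.count("\n", 0, stmt.start() + sink.start()) + 1
            hits.append((line, text.strip()))
        assign = ASSIGN.search(text)
        if assign and is_tainted(assign.group(2), tainted):
            tainted.add(assign.group(1))  # remember variables fed by the request
    return hits

# Constructed sample file, not taken from the thread.
SAMPLE = """<?php
echo 'served by ' . htmlspecialchars($_SERVER['HTTP_HOST']);
eval('return 1 + 1;');
eval($_SERVER['HTTP_HOST']); die();
$h = trim($_SERVER["HTTP_HOST"]);
assert($h);
"""

if __name__ == "__main__":
    for line, statement in find_request_eval(SAMPLE):
        print(f"line {line}: {statement}")
```

A hit is a reason to inspect the file and its modification history, not proof of compromise.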