First I received a message for my host (1and1) indicating that exploits have been found on the server. They also disabled them and made recommendations as to where they are. Message can be seen below:
Thank you for getting back to us on this. Your 1&1 hosting account has been
attacked via an insecure PHP script you installed on your webspace. You will
find an analysis of the attack and instructions on how to secure your webspace
against future attacks in this e-mail.
1 Analysis of the attack
1.1 The hackers processed it through a security leak in your script/s:
./community/ray/XML.php
1.2 A large amount of spam has been sent by the following script/s:
./community/ray/modules/
./community/ray/modules/global/inc/eror.php
1.3 The following malicious file/s have been uploaded to your webspace:
community/ray/modules/global/inc/eror.php
community/ray/modules/global/inc/fx.txt
community/ray/modules/global/inc/admin/admin.php
community/ray/modules/global/inc/admin/index.php
community/ray/modules/global/vwar.php
community/ray/modules/global/errors.php
community/ray/modules/global/radio.php
community/ray/modules/movie/next.php
community/ray/XML.php
community/cron.txt
community/just.txt
community/rm.txt
community/link_over.php
Having disabled these files:
2. Required measures
To reestablish the security of your 1&1 webspace, please proceed now as follows:
2.1 Delete the aforementioned files. You will have to grant yourself writing
permission again before deletion. For further information see
http://faq.1and1.com/websites/access/ftp/13.html
2.2 Upload a more secure version of the following modules of your software:
Dolphin
2.3 Check whether other malicious content was uploaded onto your webspace
during the attack. Delete all unknown, suspicious content immediately.
IMPORTANT: In the future, please check the security of the software you install
on a regular basis. We will assist and help you with any specific problem, but
please be aware that the security of the software you install is your sole
responsibility.
Header Error:
Warning: Cannot modify header information - headers already sent by (output started at /homepages/18/d263736241/htdocs/community/ray/modules/global/inc/header.inc.php:1) in /homepages/18/d263736241/htdocs/community/inc/design.inc.php on line 489
Profile Error:
patched by kentclarke
Warning: getapplicationcontent(mp3/inc/header.inc.php) [function.getapplicationcontent]: failed to open stream: No such file or directory in /homepages/18/d263736241/htdocs/community/ray/modules/global/inc/content.inc.php on line 82
Fatal error: getapplicationcontent() [function.require]: Failed opening required 'mp3/inc/header.inc.php' (include_path='.:/usr/lib/php') in /homepages/18/d263736241/htdocs/community/ray/modules/global/inc/content.inc.php on line 82
Can someone help with this issue.