My community hacked

First I received a message for my host (1and1) indicating that exploits have been found on the server. They also disabled them and made recommendations as to where they are. Message can be seen below:

Thank you for getting back to us on this. Your 1&1 hosting account has been
attacked via an insecure PHP script you installed on your webspace. You will
find an analysis of the attack and instructions on how to secure your webspace
against future attacks in this e-mail.

1 Analysis of the attack
1.1 The hackers processed it through a security leak in your script/s:
./community/ray/XML.php

1.2 A large amount of spam has been sent by the following script/s:
./community/ray/modules/

global/radio.php
./community/ray/modules/global/inc/eror.php
1.3 The following malicious file/s have been uploaded to your webspace:
community/ray/modules/global/inc/eror.php
community/ray/modules/global/inc/fx.txt
community/ray/modules/global/inc/admin/admin.php
community/ray/modules/global/inc/admin/index.php
community/ray/modules/global/vwar.php
community/ray/modules/global/errors.php
community/ray/modules/global/radio.php
community/ray/modules/movie/next.php
community/ray/XML.php
community/cron.txt
community/just.txt
community/rm.txt
community/link_over.php


Having disabled these files:

2. Required measures
To reestablish the security of your 1&1 webspace, please proceed now as follows:
2.1 Delete the aforementioned files. You will have to grant yourself writing
permission again before deletion. For further information see
http://faq.1and1.com/websites/access/ftp/13.html

2.2 Upload a more secure version of the following modules of your software:
Dolphin


2.3 Check whether other malicious content was uploaded onto your webspace
during the attack. Delete all unknown, suspicious content immediately.

IMPORTANT: In the future, please check the security of the software you install
on a regular basis. We will assist and help you with any specific problem, but
please be aware that the security of the software you install is your sole
responsibility.


-----------------------------------------------------------------------------------------------------

Now an hour after I noticed that my site keep sending me cronjob alerts stating patched by kentclarke. I went to the site and say the same message in the header, my member profile dont show, you see the same patched by kentclarke.

Header Error:

Warning: Cannot modify header information - headers already sent by (output started at /homepages/18/d263736241/htdocs/community/ray/modules/global/inc/header.inc.php:1) in /homepages/18/d263736241/htdocs/community/inc/design.inc.php on line 489

Profile Error:

patched by kentclarke
Warning: getapplicationcontent(mp3/inc/header.inc.php) [function.getapplicationcontent]: failed to open stream: No such file or directory in /homepages/18/d263736241/htdocs/community/ray/modules/global/inc/content.inc.php on line 82

Fatal error: getapplicationcontent() [function.require]: Failed opening required 'mp3/inc/header.inc.php' (include_path='.:/usr/lib/php') in /homepages/18/d263736241/htdocs/community/ray/modules/global/inc/content.inc.php on line 82

Can someone help with this issue.

Quote · 8 Dec 2008
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.