If he's not aware of the problems with xoops.. then he definitely needs a wake up call. I"ll have to shoot him a e-mail.
Subject: Directory /home/mack/public_html/kate/ disabled and will not be re-enabled.
Request Details:
Your account appears to have been compromised and the following directory disabled.
/home/mack/public_html/kate/
It was engaged in malicious activity that nearly crashed the server. We will not re-enable this directory.. and we do need you to look into this on your side as well. As we need to be assured this wont happen again. Failure to get back to us will result in the account being suspended.
Below is an example of two of the processes your account was running...
nobody 30143 0.0 0.0 4148 1048 ? S 19:28 0:00 sh -c cd /home/mack/public_html/kate/uploads/iroffer1.3.b10/upload;cp * /home/mack/public_h
nobody 13402 1.7 0.0 3468 456 ? D 19:28 0:22 cp [AnimeDVD_Raws]_Argento_Soma_01_[91B8801F].avi [AnimeDVD_Raws]_Argento_Soma_2.avi [ANJ].
It looks like one of the scripts on your website have been compromised/hacked and the attackers were using the kate folder to store malicious applications and using it as a world writable download space.
Xoops is one of those scripts that is hacked regularly. Probably #2 on our list of most highly exploitable scripts. I *wish* it weren't so popular so we could discontinue usage of it entirely.