Hi,
My site was hacked and I need some help in figuring out how it happened as well as how to fix it.

Any help is definately appreciated.

wow, with this much info, we're bound to have the answer in no-time! [/sarcasm]

what happened? how do you know it was hacked, what exactly was hacked?

Herko

Actually Herko it is not wise to publish much information publicly when you have a problem. That is the reason for the lack of information.

The only thing I know is that some files were uploaded to the server somehow that exploited it.

exploit is to the internet explorer issue number MS05-037, an Internet Explorer patch released by Microsoft
about two weeks ago. The code that was on my site essentially turns these visitors into zombies on a bot network.

I am using XOOPS 2.013
PHP version 4.3.11
MySQL version 4.0.24-standard
cPanel Build 10.2.0-RELEASE 82
Theme cPanel X v2.5.0

I have the files well most of them that were uploaded.
In haste I missed one file and deleted before I copied it.
The only thing I noticed was a huge spike in bandwith.
No errors in the apache logs from what I see.

heh, I *know* that too much info is bad, but no info is even worse...

Have you asked you host to look into this? Perhaps they didn't come in via your site, but infected the whole server. If the apache logs don;t show anything out of the ordinary (have you checked the access logs too?), then htey didn't come in via the site.

Herko