There 's the hacker hack my website.

When ever I upgrade to XOOPS 2.0.18.1 RC, the hacker can hack my website again. (I already change the ftp password and found that he still can hack my web!)

Last week, the hacker try to upload phishing paypal.com on my website too ( He upload under folder module) ! I alraedy delete it.

This is my server details :

OS : Linux
CMS : XOOPS 2.0.18.1 RC
Module
- filemanager Version 3
- iContent version 4.5
- protector version 2.52
- XOOPS stat version 0.45

These are file of Hacker

1. mini.php found in "/module"
2. B.txt found in "/module/togot"
3. morgan.txt found in "/module/togot"
4. proxy.tgz found in "/module/togot"
5. psy.tgz found in "/module/togot"

The folder "togot" created by Hacker

Can anybody help me to protect my website ?

First upgrade to XOOPS 2.0.18.1 final.

Second, do not use iContent 4.5 because it is vulnerable like any module using Spaw editor, see here.

Quote:

Third, upgrade to Protector v3.04 or 3.16b

Do not use filemanager. It's said to be a low-quality module.