2
How would that help?
The real question is, how is the index.html file getting placed in root? And I am assuming the root of the site, not the root of the server. That's a security issue, not a XOOPS issue. I would recommend a few debugging things...
1. If you can't plug the "copy to root" hole, then I would turn off any uploads until you can get the site in a chrooted environment. Also, make sure ssh or telnet is turned off.
2. look at your log files - access.log and errors.log to determine what they are doing when the index.html is copied up. What URL, etc. is getting used.
3. If you are an apache site, and have control of the server, then install mod_security to apache. If you are in a shared environment, talk to your provider about what security switches can be turned on at the apache level.
4. Take an inventory of the mods you are using, make sure they are the recent versions, and not something old that may have a known vulnerability.
Bottom line, even if you copy a stub index.html file up there, my question would be, what prevents the upload and replacement of that file? Not knowing the settings of this particular server makes it difficult to answer, and really only with the generic obvious stuff...
