Help! My site has been hacked and is sending all kinds of spyware and virusses!
First of all, count to 10 to calm down. It may not be as serious as it looks right now, but we need to look carefully what is causing this.
We have had some occasions where the website was sending all kinds of virusses, spyware, malware and adware along with the XOOPS pages. If you can still access your website (despite all the warnings etc.), your site may not be *hacked* as such, but more like *hijacked*. What does this mean?
Many shared hosting providers do not run each account under a separate apache instance, but use the default 'apache' user and group created on initial install, and use a vhost for each website on that server. Apache runs under this special credentials for all those websites.
So where you need to give your application "write access" you need to give this "apache" user write access (generally it means: making the folder world-writable). If the owner had write access, it wouldn't mean anything to the "apache" user, and PHP wouldn't be able to write anything.
Now, what happens is that all the websites that run on the same shared server, run under this "apache" user... So where you give write access to apache, you're giving write access to EVERY malicious user sharing the same server.
And this is what happened. Users from the same server (not just anyone) misused your folder to spread their malicious codes.
Now, how to solve this:
Fire up your ftp engine, log in to your server and remove all the files from the templates_c/ folder.
Note: this will stop the current attack, not stop it from occurring again.
Now, is this a XOOPS problem or not? I say no, because:
1) Smarty REQUIRES the possibility to write some files, so it can't be changed.
2) Even if we could change this, it would not change much: these server configurations are EXTREMELY unsafe.
The solution to this is to have each site run under a different apache user, using suexec. The problem is that all the "safe" solutions are less scalable, and are not that popular, especially with shared hosting servers. So, you will have to contact your hosting provider and have them look into this problem.
EDIT: Carnuke~ please update your site to 18.104.22.168 ASAP
This Q&A was found on XOOPS Web Application System : https://xoops.org/modules/smartfaq/faq.php?faqid=525