Need help please

[kiwimanga]

Hello,
I have been notified by my web host that my website has been exploited to send spam and pishings .
And he has suspended it.
Important; I have many sub domains
I asked him for an explanation, he appointed me records, telling me these cases send emails and pishings
Example:
public_html/indexu/themes/default/mail
public_html/indexu/themes/kosmos/mail
public_html/others/xx/libs/Pear/Mail "no indexu"
others………."no indexu"

I havn’t understand anything.

I checked my site and I find a script that is not for me has been installed on my site. It is a complete script with php files, html, text, some documentation in Word files, here is some informations:
---begin----
Eggheads Development Team
www.eggheads.org
---End-----

As a beginner, I do not know how the hacker was able to install it. It was in a directory script "php-nuke" version 7.5.

I restored an old version of my sites, which is not up to date.
By cons I do not know what process has affected my databases sql or just files php? That is to say I could retrieve the latest data bases and put them with the old version that I restored.
Thank you in advance.

[inspireme]

what version indexu are you using? need to upgrade if you are using 5.1 - it had security problems. You should be bale to restore old database without any issues.

[kiwimanga]

what version indexu are you using? need to upgrade if you are using 5.1 - it had security problems. You should be bale to restore old database without any issues.

thank you for you answer my version it's 5.4.0

[Bruceper]

php-nuke has probably been the worst script (other than sendmail) on the net for exploits.

This has nothing to do with IndexU OTHER than possibly using the IndexU engine to send spam.

Your server/account was hacked. You need to fix it. The FIRST thing you need to do is remove the offending script from your server. Then change all your passwords using a random password generator of at least 10 characters in length.

Then scan your HOME computer for viruses, do not use norton or mcafee products to do this.

Then go back to the server/account (which is it anyways? Dedicated server? VPN? Shared Account?) and get the access_log and determine how they got in. Then you need to fix that.

And lets not forget, either update or delete php-puke.

[FSGDAG]

php-nuke has probably been the worst script (other than sendmail) on the net for exploits.

Couldn't agree with you more! Its not even worth running that script because of all the hacks and problems. Your left putting in security fixes daily, and God forbid if you dont

Then scan your HOME computer for viruses, do not use norton or mcafee products to do this.

Not really sure why you say "do not use norton or mcafee"!?!?!? Both are leaders in the industry for virus and spyware detection.

or delete php-puke.

"delete" being the key word!!!

[Bruceper]

I say not to use norton or mcafee products because in all the years I've been around online they consistently score the lower in detection and the highest in the PITA factor with trying to take over your system and be more than they should be.