Help! Attacked by spammers, not sure how to fix it!

[pollesel]

Hi there,

I have a problem with my site, but I don't know where to begin. On Tuesday, my site (www.iheartmusic.net) was attacked by spammers, and my host immediately suspended my account. Today, they finally got around to telling me that the problem was that "Emails were being sent from scripts in the /home/iheartmu/public_html/serendipity directory" of my account, and that "someone was likely hijacking and abusing your scripts to relay spam email via insecure scripts." They said the solution was to "remove any PHP scripts that reside in this directory that send email (or use the mail() function)".

Unfortunately, I have a minimal understanding of what that means (at best), so I don't know where to even look for the problem. Can anyone give me some guidance?

Thanks!

[pollesel]

Further to that, I just found this, in which Garvin talks about pretty much exactly what happened to me.

If the problem is with the plugins, then, could someone tell me what to delete/change in that directory to prevent it?

[stm999999999]

first, which version of s9y and of the mail-plugin do you use?

[pollesel]

I installed it last September, so I'm almost certain it was 0.8.4.

As for the plugins, I really don't know. I can post a list of plugins on there, if that helps at all.

[stm999999999]

I am not a developer but only a dedicated user but I think it is strongly recomended to make regular updates of the plugins (very easy via Spartacus-Plugin) and of course to use a not so old s9y-version. There are not very much security holes in s9y I think, but no software is 100% free of this.

So, the actual 1.02 has a fix to another security hole: http://blog.s9y.org/archives/147-Serend ... eased.html

And it is a good idea to read the s9y-blog-rss-feed
http://blog.s9y.org/feeds/index.rss2

[pollesel]

I'll do that, then. Thanks!