My host alerted me to this yesterday, and gave me a command to run as well as advised us to turn off the ability to change your password via e-mail. This was only a workaround until a fix could be found.
Fantastico files were not affected. The intruder was thrown out while defacing our websites (replaced all main index.html).
Since the intruder was thrown out before completing the destructive work, we have a complete history of all his/her operations.
For security reasons, I will recompile updated distributions of our software containing only off-site files immediatelly after our server is back.
http://netenberg.com/ AccountLab Plus Affordable professional webhosting billing -- Click Be! Building websites as easy as it click be Fantastico De Luxe - Install your favourite scripts at a mouse click -- Universina - The CPanel skin with Heart and Soul
there are kids around who dont like to see a hard working guy like you around.
for me whom ever did this to your server is no more than a nothing in this world the least i can call him is a low life, if you ask me he should be directed to the gas room direct with out spending a one cent of tax payers $$ putting him behid the bars.