Those complaints show that the server is trying to hack other servers using what is called Remote File Inclusion, which tries to inject code through PHP. This means your server could very well be rooted. At the very least they have installed a PHP Shell and your server is part of a botnet now which is being controlled by some kid probably. This was probably done by the same exploit it is now trying to do to others. If I were you, I would read about Remote File Inclusion so you can understand what it is and how to prevent it on your sever(s) as it is a very popular exploit atm.
You should probably install CHKROOTKIT/rootkit.nl and scan the box and see what it finds. I personally would wipe/reinstall with an updated OS and get the PHP on the server configured to block RFI and PHP shells so you prevent this from occurring again. I would also recommend installing mod_security to help with the prevention of RFI.
The file on your server (http://smolen.org/test.txt) is a file that is used for RFI bots on IRC networks, the bot uses test.txt to check whether the server its exploiting is safe mode on, or safe mode off.
I suggest you get a experienced admin to look at /tmp, and /var/tmp.
You may want to considering turning safe mode on for PHP, even if hackers get a RFI on your system, they won't be able to write/delete/upload/etc anything, only be able to read your files, which is still bad. So maybe do what ompp said, install mod_security and get some sort of script to block RFI.
Joomla can be exploited and thats how the "hackers" as they like to be called (when there nothing but script kiddies) got into your system.
If you do not have any important files, I would suggest you to reinstall your OS then secure it.
Just today noticed I had an intruder. They created a publicly accessible folder called "smolen.org", and another folder inside of it called "test.txt???". I didn't think much of it, until I googled it and found this.
Last edited by Chris24; 03-03-2008 at 10:56 PM.
Reason: Making Post a bit more private.