The Xoops.org site is back online again after taking several beatings over the last two weeks from a very determined hacker. This hacker left several backdoor's open for himself, so everytime the Xoops team would shut one he would pop back in through another. In the end the Xoops team decided to shut the site down and do a full security audit of their environment from the ground up. This was a very labour and time intensive task, but it was the only way in the end that the Xoops team could be sure that they'd plugged all the holes that the hacker was using, and of course any other known ones that he could use.
During this same period of time the Xoops core dev team have been hard at work on a security patch, and have now released Xoops 2.0.13.2 which includes many XSS fixes among others. Although strictly speaking the Xoops site was hacked through holes left ungaurded in the Apache webserver software that is used to host the Xoops.org sites, it is still highly recommended that all users update to this latest version of Xoops as soon as they can. Xoops 2.2.3 will be released very soon as well which will contain all of these fixes.
Get the full story here