Today I got the message from my host that some illegal content was being uploaded to my server in the data directory. It was placed in a folder called active-paypal. There were scripts uploaded to the account by user "nobody".
I'm running pp5.5. I didn't understood that the upgrades so far include major security issues. What would be your suggestion to prevent this? I customized the templates pretty much so I upgrading is a pretty big task. I am running the latest vbulletin version. Not many additional plugins are installed.