Re: Security bulletin 2008-25-12
I reported this vulnerability on the 21st when I found that someone had somehow installed a couple of fake Bank of America login pages on my server. I would strongly suggest that all users check their file system just to be safe.
The pages were loaded to my /payment/ directory on my server.
Also... if you don't need it to be on, "allow_url_fopen" in your php.ini should be off, as that will stop them from running the scripts from other servers.
__________________
Version 4.1.11