After investigation, the hack was made possible by the upload script, and was probably my fault for allowing all types of filenames . Someone exploited it and uploaded some C++ scripts and PHP scripts which attacked other servers and did other unwanted actions. It's good that we figured out how it was done, but the upload script is gone until further notice (all contributions were downloaded). All uploads have to be done via email now. We might put it back up after some more consideration, but this seemed to be the best solution for the time being.
Alex Levine
OldVersion.com
Helper