this is my opinion, and i could be wrong. but i have seen this script before. the c99 used to have a blackwidow as a logo image.

what i believe, is that this person who had their site hacked is on a shared and in being a shared server, and this would be injected with no trace of it being used. since it would be loaded on an account that is on the server, you can then browse certain files that would give up parameters that would allow injection via of remote shell but its not remote its a php see more shell, and be able to cause these problems.

if any of you have ever been involved in wordpress, phpnuke, post nuke, e107, joomla, drupal, b2Evo or any other open source script, you have seen this same attack, and from what i know about this c99 remote shell attack its mostly on shared servers, or where you downloaded something from somebody, or allowed uploads on your site, and this was placed on your server.

specifically is dolphin vulnerable, i suppose all scripts are, and the time spent trying to secure them is astronomical. i just googeled c99 shell script, and there are 190k returns, so this is not new to dolphin, i didnt read anything that would determine what makes one site or one server more vulnerable than the next, but my point in hand is this remote shell is a well known hack amongst kids.

well i hope this sheds some light on the situation.

later,
DosDawg