My 'work' is solely yelling at support. "OY. I DIDN'T CHANGE NOTTIN. YOUR PHP IS BORKED. FIX IT."
Legit, I have only FTP and indirect sql access. As someone who is used to having root, this is mixed. On one hand, I don't have to do any real work. On the other hand, I can't do real work.
Someone's got to do the yelling. Frustrating not having the tools to do it right, though.
The PHP stuff aside, I think the spam header entries are corruption of the forum code as opposed to something within PHP or Apache. At least, they are not present if you hit the forum PHP files incorrectly. For instance:
http://armedpolitesociety.com/Sources/Karma.phpIf you go there it (correctly) dies on line 25 because the PHP file has been called outside of the forum structure, but when it outputs the error message it doesn't show any of the header entries.
Of course, if the site remains unsecured against the intrusion then fixing it doesn't really help long term.