I chmod 000 the files and made user root
hopefully if user will update to newest release problems will be fixed..
Will point the webmaster of the site to
various security leaks which could allow malicious users to include a (remote) file and eg. execute php commands on the server hosting vwar