Remove the script asap. Contact author of script and tell them about this if you haven't wrote it yourself. You might also check for updates.. Denying IP won't solve it cause he can use different server and voila, you get hacked again..
I would lock down the server untill its checked out.. Run chrootkit and rkhunter (not sure if they detect this script but it can't hurt running them..).. An antivirus scan can't hurt either..
Btw, mambo is VERY buggy application. Would suggest you to switch to joomla if you want the same interface and stuff.. I think you can even upgrade from mambo to joomla..