 Re: Problem With Security
This is a shame, but with this kind of attack, I think somebody is hacking via your host, not Icy Phoenix. There are a lot of "Deface" attacks going on, so-called because these hackers modify the index.html / index.php file to display some message, and this is of any site, regardless of using Icy Phoenix or phpBB, PHP-Nuke etc... and the majority of these attacks take place on shared hosts (shared servers), often with poorly secured file ownership privileges, whereby it is easy for somebody with an account on the server to use a Perl / CGI script to list the contents of directories of all the sites on that server... and then modify them. Most accounts also have FrontPage extensions installed as standard - there are a lot of security holes in FrontPage, and this is another possible source of attack. You should do these things:
1) Try to establish how the attack took place - examine your server's raw access logs (and your cracker tracker logs to rule out the simple attacks that it has blocked - these will be lame attempts at remote file injection which will never work). If there isn't anything obvious, then most likely it really is a "back-door" server side attack, where an attacker compromised the host.
2) Contact your host admin, ask them what they know (some tend to deny they had a security problem). Find out if they have improved security. Check host forums (if they exist) - you might find other people are having the same problem.
3) If the host refuses to be helpful, move host... you can't trust them.
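
An added example, not part of the original post: one way to do the access-log pass from step 1, pulling out requests that pass a remote URL as a query parameter (the remote file injection pattern mentioned above) and separating the ones the server refused from the ones it answered. It assumes Apache combined log format; the sample lines, addresses and parameter names are constructed.

```python
import re
from collections import namedtuple
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/NCSA combined log format: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
REMOTE_URL = re.compile(r'(?:https?|ftp)://', re.I)
Hit = namedtuple("Hit", "ip ts status param value")

def rfi_attempts(lines):
    """Return a Hit for every query parameter whose value is a remote URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; unquote again to catch double encoding.
            decoded = unquote(value).strip()
            if REMOTE_URL.match(decoded):
                hits.append(Hit(m["ip"], m["ts"], int(m["status"]), name, decoded))
    return hits

def triage(lines):
    """Split attempts into ones the server refused and ones it answered 2xx."""
    result = {"blocked": [], "review": []}
    for hit in rfi_attempts(lines):
        key = "review" if 200 <= hit.status < 300 else "blocked"
        result[key].append(hit)
    return result

# Constructed sample lines (documentation IP ranges, .invalid host names).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2008:04:11:02 +0000] "GET /index.php?page=http://files.example.invalid/a.txt? HTTP/1.1" 403 512 "-" "libwww-perl/5.805"',
    '203.0.113.7 - - [12/Mar/2008:04:11:05 +0000] "GET /viewtopic.php?inc=http%3A%2F%2Ffiles.example.invalid%2Fa.txt HTTP/1.1" 200 8841 "-" "libwww-perl/5.805"',
    '198.51.100.23 - - [12/Mar/2008:04:12:40 +0000] "GET /viewtopic.php?t=42 HTTP/1.1" 200 15320 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2008:04:13:01 +0000] "GET /login.php?redirect=index.php HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_LOG).items():
        for h in hits:
            print(f"{bucket:8} {h.ip} [{h.ts}] {h.status} {h.param}={h.value}")
```

A 2xx status only means the script answered the request, so the "review" entries are the ones to compare against the modification time of the defaced file. If both lists come back empty for the period around the defacement, the web logs show nothing obvious and the host-level explanation from step 1 becomes the more likely one.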