Pee
I really like the thoughts of a common ad, image, or stats server.
But it will probabaly be the Pee, in LAMP. I think it should be spelled LAMp, myself. The pee is a black hole of security, on a shared server (or a server on the internet). Some open source projects get too much of a break from everyone on security.
On a page or site level, it could be the overwriting of the pee variables, to include or fopen http or ftp URLs. On the server level, it could be a pee global prepend file.
Before anyone explodes with religious zealotry about the little p, and how it is all the coders fault.. Please think about it. Many of the code examples on their site, are poorly written. Pee is easy to use and marketed as so, but there are not even examples on their site of how to write a secure form mailer. Most of the top pee applications refuse to upgrade the applications to pee 5. Many of the top pee applications are (or have been) vulnerable to form injection. Many pee applications require the use of enable_dl, or allow fopen URLs.
Search for "requires enable_dl" or "enable_dl is required". You will probabaly find the problem, but it will be someone else's fault.