This seems a pointless but aggravating hack. Joomla Version 2.5.8, RSFirewall 46 installed, System Check rating = 98. No hacks on the front end but then there are no users apart from myself as admin. Secure (Obscure) Backend Password, Admin User name and Passwords). Php.ini in cgi-directory, with .htaccess add handler in root of site.

Cannot install anything at all now from Extension upload. I have to comment out the open_basedir line from the php.ini, or rather I did originally and managed to load Firewall and EventsPro. Now if I comment out the open_basedir line in the php.ini file and try to upload a component or modeule or plug in, click on install it gives me a delightfully designed (Derrr) 3000 word, in block, for Cialis or Viagra.
This only happens in the admin section. That is the front of the site doesn't seem to be affected, ergo, no Pharma descriptions on a Google search.

When I un-comment the open_basedir line in the ini file the admin section operates normally. So I am unable to load any new extensions. It was a clean install after a hack on Joomla 1.5.7. All files were deleted on that uninstall and a new database created. It's a remote ISP shared server. Just to let everyone know that I am the only one that sees the Cialis/Viagra ad and I don't think the product would do me much good. So that's where the "Pointless" part comes in.

Anyone with any ideas?

....neither can I install from a URL or from the tmp directory. Just mentioning that!