remove search.php from cutenews's folder, or just fix the cross site scripting vulnerability inside the module, make empty oh.html, rename, rewrite and deny the login page
don't make index.php/htm/html/shtml etc just oh.htm
example for htaccess with name of login page "cnlogin.php"...