Hi Imagevue Support Team,
Recently my server was hacked. I opened a ticket with the web hosting tech support, and they claimed that hackers gained access via script injection.
Below is the response from the web hosting tech support.
For your advice.
I believe that I am on the latest version of Imagevue, which is 2.8.
================================
Dear Faizal,
We have checked and found the script was injected from cyrofila2.140613.com.
Below is the log:
=======================================
41.203.67.51 - - [02/Jun/2013:19:06:05 +0800] "POST /content/Zzb/install/index.php HTTP/1.1" 200 1795 "http://www.cyrofila.net/content/Zzb/install/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0"
41.203.67.51 - - [02/Jun/2013:19:10:18 +0800] "POST /content/Zzb/cp.php?m=login HTTP/1.1" 302 - "http://www.cyrofila.net/content/Zzb/cp.php?m=login" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0"
41.203.67.51 - - [02/Jun/2013:19:36:15 +0800] "POST /content/Zzb/Shrelll.php HTTP/1.1" 200 27350 "http://www.cyrofila.net/content/Zzb/Shrelll.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0"
=======================================
You may access http://who.is/whois-ip/ip-address/41.203.67.51 and get the IP destination.
We believe there is a vulnerability in the application. Kindly upgrade your application or contact the developer for further assistance.
If you have any enquiries, please do not hesitate to contact us. Thank You!
Sincerely,
Alexander
Hosting Support Engineer
Technical Support Department
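The log excerpt in the host's reply shows one client sending requests to PHP scripts underneath `/content/`. The following is an added example, not part of the original post or the host's reply: a triage script that scans a combined-format access log for that pattern and groups the hits by client IP. It assumes `/content/` is a media-only directory where no PHP should ever be requested; the sample lines, paths and IP addresses are constructed.

```python
import re
from collections import defaultdict

# Apache/Nginx "combined" log format, as in the excerpt above.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: /content/ holds uploaded media only, so any request that
# reaches a PHP script beneath it is suspicious.
MEDIA_ROOT = "/content/"

# Constructed sample lines modelled on the excerpt (documentation IPs, made-up paths).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Jun/2013:19:01:00 +0800] "GET /content/holiday/beach.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Jun/2013:19:06:05 +0800] "POST /content/xx/install/index.php HTTP/1.1" 200 1795 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Jun/2013:19:10:18 +0800] "POST /content/xx/cp.php?m=login HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.7 - - [02/Jun/2013:19:12:00 +0800] "POST /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Jun/2013:19:36:15 +0800] "GET /content/xx/tool.PHP HTTP/1.1" 404 - "-" "Mozilla/5.0"
not a log line
"""

def is_script_in_media_dir(path):
    """True when the URL path (query string ignored) is a PHP file under MEDIA_ROOT."""
    clean = path.split("?", 1)[0].lower()
    return clean.startswith(MEDIA_ROOT) and re.search(r"\.(php\d?|phtml)$", clean) is not None

def find_suspicious(log_text):
    """Return {client_ip: [(timestamp, method, path, status), ...]} for flagged requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines instead of failing
        if is_script_in_media_dir(m["path"]):
            hits[m["ip"]].append((m["ts"], m["method"], m["path"], int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in find_suspicious(SAMPLE_LOG).items():
        served = [r for r in reqs if r[3] < 400]
        print(f"{ip}: {len(reqs)} script requests under {MEDIA_ROOT}, {len(served)} served")
        for ts, method, path, status in reqs:
            print(f"  {ts} {method} {path} -> {status}")
```

Requests answered with a 2xx or 3xx status are the ones to follow up first, since they mean the script existed and ran; the earliest hit per IP bounds the time window to search for how the file was written.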