Today i logged into admin panel and I found something disquieting. There was new panel on my panels list called "System". I looked in database to check it, the panel code was:
And there was a javascript in site source code:
Version is 6.01.19. I guess it's encoded by base64, but I can't decode it. Any ideas?
I have already changed all passwords and removed panel from db.
a.What exact version of PHPFusion are you running? 6.01.19 (I guess I put this thread in a wrong section)
b. What Mods/ Infusions/ Panels were you using? IP Polls, News Archive, Slideshows Random Photo Panel and my own friendly URL mod (htaccess).
c. Do you know the estimated time this hack happened? Unfortunately no. It could have happened a pretty long time ago. One of my users told me today, that his antivirus blocks this script.
d. Do you have Access Log for roughly the last 24 hours you can provide or check yourself? I got it, but in my opinion there's nothing unexpected.
e. Do you have any other info we should know? I had some DoS attacks recently.