I was hacked all so last night. My host said this,
It appears this was a typical post sent to the ajax on the back-end. These are taken care of by normal ModSecurity rules, but ModSecurity rules were set to defaults. As such, I've enabled additional ModSecurity rules to protect against this and many other common attack types, so this exact issue shouldn't happen again.
Here's the POST performed by that user:
"POST /forum/acp1/ajax.php
It appears this was a typical post sent to the ajax on the back-end. These are taken care of by normal ModSecurity rules, but ModSecurity rules were set to defaults. As such, I've enabled additional ModSecurity rules to protect against this and many other common attack types, so this exact issue shouldn't happen again.
Here's the POST performed by that user:
"POST /forum/acp1/ajax.php
Comment