Hack and Spam mail sent (Tools/Swift/)

[LeGastronome]

Hello,

My shop has been hacked twice this week :

It send spam mail and host block domain to avoid blacklist.

it seems to come from tools/swift/ module...

or the order has been send to swift module to send spam mail.

Version 1.3.2.2
1 week after upgrade

Do you have the same issue ?

[LeGastronome]

2010-10-15 00:42:15 SMTP connection from localhost (www.xxxxx.com) [127.0.0.1]:60079 I=[127.0.0.1]:25 closed by QUIT
2010-10-15 00:42:15 1P6XR9-0005Be-24 <= [email protected] H=localhost (www.lxxxxx.com) [127.0.0.1]:60081 I=[127.0.0.1]:25 P=smtp S=811 [email protected] T="% THE BEST PREPARATIONS FOR SEX! %" from for [email protected]
2010-10-15 00:42:15 SMTP connection from localhost (www.xxxxxx.com) [127.0.0.1]:60081 I=[127.0.0.1]:25 closed by QUIT

[dfm]

yes!

http://www.DOMAIN.com/tools/swift/Swift/Log/wellsfargo-online.php
http://www.DOMAIN.com/tools/swift/Swift/Log/verification.php


Прилагам Ви информация кога е качена цялата директория:
File: `wellsfargo-online.php'
Size: 17911 Blocks: 40 IO Block: 4096 regular file
Device: 809h/2057d Inode: 164400001 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 605/ lodkost) Gid: ( 600/ lodkost)
Access: 2010-12-13 12:54:09.000000000 +0200
Modify: 2010-12-13 12:54:09.000000000 +0200
Change: 2010-12-13 12:54:09.000000000 +0200

File: `verification.php'
Size: 12828 Blocks: 32 IO Block: 4096 regular file
Device: 809h/2057d Inode: 164399996 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 605/ lodkost) Gid: ( 600/ lodkost)
Access: 2010-12-13 12:42:18.000000000 +0200
Modify: 2010-12-13 12:42:18.000000000 +0200
Change: 2010-12-13 12:42:18.000000000 +0200

I deleted the whole folder. I bought a template from : www.membuy.com [Theme Marine Store] ... I do not know if this guys put smth there...