first of all, sorry for my english. Here's the situation: Last night my moodle seems to be hacked. I analyse the server logs (I use Debian 5.0) and I didn't found nothing unusual. When any user posts a message in forum, the page is redirecting to http://my_moodle_url/mod/forum/post.php and appears the message bellow:
|Gateway Anti-Virus Alert
This request is blocked by the SonicWALL Gateway Anti-Virus Service. Name: ScrInject.UR (Trojan)
Therewith I can't post any message in any forum in my platform. I replace all the moodle files but the same error persists. This already happened to you? What can be done in this scenario?
My Server Settings:
Linux Debian 5.0
Thanks for help!