[vox-tech] hacked site

[jimbo]

Some company ( internetidentity.com ) that is contracted by Chase banking 
sent me email saying that my web site was hacked.  I also received a notice 
from Google for a possible phishing web page.  I confirmed this and found 
someone hacked into my web site and placed a phony Chase credit card form 
with all the bells and whistles. I contacted internetidentity via phone and 
was told that they might have used a vulnerability in a shopping cart.  I 
talked to my hosting company and told them what had happened but they 
couldn't tell me when or from where the attack came from.

I decided to look at my recent logs using CPanel.  It showed me the latest 
users and who has accessed my web site the most.  I found a url of 
114.79.43.146  that has frequented my web site the most. I usually am the 
one that visits my site the most but not now. I searched for it online and 
found that it is from Jakarta Indonesia.  Could this be because Chase is 
outsourcing some of their work over there?  I know that they do that with 
the Philippines.  Could it alse be a possibility that the person(s) that 
hacked my site are in that country?

I also noticed that some tried to access CPanel from 172.190.126.235 at 
11:40 pm on 6/20/2011, shortly after I changed the password.  Internet 
search shows that this person is using a server ACBE7EEB.ipt.aol.com in 
Kansas.

This intrigues me.  I want to know more.  Has anybody ever had this happen 
to them?  Are these two tied together somehow?  I mean Kansas and Indonesia?

Hope all is well,

Jim George
http://evesautomotive.com