[Possible Hack] Strange Redirect when viewing CWP->Log Viewer

I have a strange redirect when using File Management -> CWP Log Viewer.

When I select to see the error_log and the domain, my browser is redirecting me to this website: speakwithjohns.com and my antivirus is reporting it as fake support website.

I changer the browser and the same happen on other browsers.

Has anyone this problem?

Yep: hacked!
Suggest immediately change ssh port & root/mysql passwords.
Send a high priority Ticket to CWP, to get them to investigate.

Think is no hacked. I found the cause of the redirect.
I try to isolate how much lines the script is displaying and found out that only one line of code is triggering the redirect.
And this is the one:

Code: [Select]

[Sun Feb 09 22:48:01.040796 2020] [:error] [pid 9480:tid 140047038756608] [client 154.50.0.79:44746] [client 154.50.0.79] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\btype\\\\b\\\\W+?\\\\b(?:text|application)\\\\b\\\\W+?\\\\b(?:(x-)?(?:java|vb|j|ecma)script)" at ARGS_POST:wp-piwik[tracking_code]. [file "/usr/local/apache/modsecurity-cwaf/rules/07_XSS_XSS.conf"] [line "53"] [id "212320"] [rev "3"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||jservis.si|F|2"]  [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "XXXXXXX"] [uri "/"] [unique_id "XkB@ESt3VzbPwTziNKZfhgAAABI"]

Think that this is a security warning?
What you think?

What you think?

Good luck.

https://www.pluginvulnerabilities.com/2016/08/29/persistent-cross-site-scripting-xss-vulnerability-in-wp-piwik/

https://www.pluginvulnerabilities.com/2016/08/29/persistent-cross-site-scripting-xss-vulnerability-in-wp-piwik/

Well done @rcshaff. I couldn't be a$$ed pointing him in the right direction: another one that posts an error message without actually reading it..

ARGS_POST:wp-piwik[tracking_code]