It is ImpressPages CMS 1.0.8
i try to explain.
I think, and server logs says that - attack was from contact form. they snet me one file, in php with (preg_match and 50000 some signs). When I point browser to that file i have file manager with all permission to the server and option of bruteforce database
I think it was a russian SEO, because, they put to my site 1k files in php, which only displays im my domain anchors to russian www.
they hacked only some folder. At one ww it was /video/ and in other, it was /file/
try to see in gogle: site:www.grawertop.pl
and look at the russian site (cache)
I hope you understand me...