  1.  
    Hello, I just received these 2 emails;
    I'm seeing that the permissions of the site have also been changed from 705 to 755.
    I'm downloading the site and I'll use a compare tool to see if they did something.
    If someone can give me suggestions, they are welcome, thanks.

    Emails:

    The following attack has been detected by PHPIDS

    IP: 207.70.36.199
    Date: 2010-07-27T17:33:13-07:00
    Impact: 51
    Affected tags: xss csrf rfe id sqli lfi
    Affected parameters:
    REQUEST._dihitt=BAh7CjoRcmVsX2tleXdvcmRzIgA6DHVzZXJfaWRpADoTZXh0ZXJuYWxfbGlua3NUIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgxsYXRfbG5nIgA%3D--1017a025e08d93783eb0e798bab72bfdecd3c444%2C+DGS_SESSION%3D1025005C1D092FECB63C26
    310EF5E374%2C+CFGLOBALS%3DHITCOUNT%3D1%23LASTVISIT%3D%7Bts+%5C%272010-07-27+03%3A57%3A36%5C%27%7D%23TIMECREATED%3D%7Bts+%5C%272010-07-27+03%3A57%3A36%5C%27%7D%23%2C+CFMAGIC%3D53131516%3A16323589%2C+CFID%3D22817862%2C+CFTOKEN%3D34888326%2C+LTLocalizationCoo
    kie%3DLocalization%3Den-US%26CurrentLocalization%3Den-US,
    COOKIE._dihitt=BAh7CjoRcmVsX2tleXdvcmRzIgA6DHVzZXJfaWRpADoTZXh0ZXJuYWxfbGlua3NUIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgxsYXRfbG5nIgA%3D--1017a025e08d93783eb0e798bab72bfdecd3c444%2C+DGS_SESSION%3D1025005C1D092FECB63C263
    10EF5E374%2C+CFGLOBALS%3DHITCOUNT%3D1%23LASTVISIT%3D%7Bts+%5C%272010-07-27+03%3A57%3A36%5C%27%7D%23TIMECREATED%3D%7Bts+%5C%272010-07-27+03%3A57%3A36%5C%27%7D%23%2C+CFMAGIC%3D53131516%3A16323589%2C+CFID%3D22817862%2C+CFTOKEN%3D34888326%2C+LTLocalizationCook
    ie%3DLocalization%3Den-US%26CurrentLocalization%3Den-US,
    Request URI: %2F
    Origin: 208.109.181.4

    ###########################################################
    The following attack has been detected by PHPIDS

    IP: 207.70.36.199
    Date: 2010-07-27T17:33:13-07:00
    Impact: 51
    Affected tags: xss csrf rfe id sqli lfi
    Affected parameters:
    REQUEST._dihitt=BAh7CjoRcmVsX2tleXdvcmRzIgA6DHVzZXJfaWRpADoTZXh0ZXJuYWxfbGlua3NUIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgxsYXRfbG5nIgA%3D--1017a025e08d93783eb0e798bab72bfdecd3c444%2C+DGS_SESSION%3D1025005C1D092FECB63C26
    310EF5E374%2C+CFGLOBALS%3DHITCOUNT%3D1%23LASTVISIT%3D%7Bts+%5C%272010-07-27+03%3A57%3A36%5C%27%7D%23TIMECREATED%3D%7Bts+%5C%272010-07-27+03%3A57%3A36%5C%27%7D%23%2C+CFMAGIC%3D53131516%3A16323589%2C+CFID%3D22817862%2C+CFTOKEN%3D34888326%2C+LTLocalizationCoo
    kie%3DLocalization%3Den-US%26CurrentLocalization%3Den-US,
    COOKIE._dihitt=BAh7CjoRcmVsX2tleXdvcmRzIgA6DHVzZXJfaWRpADoTZXh0ZXJuYWxfbGlua3NUIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgxsYXRfbG5nIgA%3D--1017a025e08d93783eb0e798bab72bfdecd3c444%2C+DGS_SESSION%3D1025005C1D092FECB63C263
    10EF5E374%2C+CFGLOBALS%3DHITCOUNT%3D1%23LASTVISIT%3D%7Bts+%5C%272010-07-27+03%3A57%3A36%5C%27%7D%23TIMECREATED%3D%7Bts+%5C%272010-07-27+03%3A57%3A36%5C%27%7D%23%2C+CFMAGIC%3D53131516%3A16323589%2C+CFID%3D22817862%2C+CFTOKEN%3D34888326%2C+LTLocalizationCook
    ie%3DLocalization%3Den-US%26CurrentLocalization%3Den-US,
    Request URI: %2F
    Origin: 208.109.181.4
  2.  
    Banned IPs:

    207.70.36.199
    http://www.geobytes.com/IpLocator.htm?GetLocation

    206.206.63.88
    http://www.geobytes.com/IpLocator.htm?GetLocation
  3.  
    How to report them?
  4.  
    Sorry, the second IP is: 206.206.63.88
    I wrote the same IP twice in the starter post.
  5.  
    Another attack, again from the same area: http://www.geobytes.com/IpLocator.htm?GetLocation
    I have a clean backup so I restored the store, but what should I do?

    The following attack has been detected by PHPIDS

    IP: 207.70.45.50
    Date: 2010-08-03T14:03:40-07:00
    Impact: 32
    Affected tags: xss csrf id rfe sqli lfi
    Affected parameters:
    REQUEST.XTCsid=859d602ae4ffd8e49cfdd5c31493e67e%2C+CFID%3D13637968%2C+CFTOKEN%3D42984570%2C+CFGLOBALS%3Durltoken%3DCFID%23%3D13637968%26CFTOKEN%23%3D42984570%23lastvisit%3D%7Bts+%5C%272010-08-03+13%3A32%3A02%5C%27%7D%23timecreated%3D%7Bts+%5C%272010-08-03+
    13%3A32%3A00%5C%27%7D%23hitcount%3D2%23cftoken%3D42984570%23cfid%3D13637968%23,
    COOKIE.XTCsid=859d602ae4ffd8e49cfdd5c31493e67e%2C+CFID%3D13637968%2C+CFTOKEN%3D42984570%2C+CFGLOBALS%3Durltoken%3DCFID%23%3D13637968%26CFTOKEN%23%3D42984570%23lastvisit%3D%7Bts+%5C%272010-08-03+13%3A32%3A02%5C%27%7D%23timecreated%3D%7Bts+%5C%272010-08-03+1
    3%3A32%3A00%5C%27%7D%23hitcount%3D2%23cftoken%3D42984570%23cfid%3D13637968%23,
    Request URI: %2F
    • CommentAuthor: mario
    • CommentTime: Aug 5th 2010

    Hm - I don't get the question - do you wish to block these IPs?