Yes, but you don't <br><br><div class="gmail_quote">On Wed, Jan 27, 2010 at 9:35 AM, Nilesh Govindarajan <span dir="ltr"><<a href="mailto:lists@itech7.com">lists@itech7.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div class="h5">On 01/27/2010 08:01 PM, Gerhard Killesreiter wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
Adam Gregory schrieb:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
This is more a server security issue rather than a Drupal one. I've seen<br>
this happen with Drupal, Joomla, Wordpress and custom PHP code. It<br>
really most likely means that access to the server/host was compromised<br>
at some point.<br>
<br>
There are lost of things that can be done to prevent this like<br>
chmod/own-ing your file system correctly(As Gerhard touched on). This is<br>
also a good reason to use SFTP rather then FTP as passwords in SFTP are<br>
sent encrypted and FTP are not leaving them open to a *man-in-the-middle<br>
attack.*<br>
</blockquote>
<br>
People still using FTP in 2010 should be shot on sight.<br>
<br>
Cheers,<br>
Gerhard<br>
</blockquote>
<br></div></div>
*ahem*<br>
<br>
Public mirrors do use them ?<br>
<br>
FTP is good if you can configure it properly. It can be a big bug in the security as happened in this case if not configured properly :)</blockquote><div><br>Yes, but public mirrors do not require passwords. What Gerhard is talking<br>
about is uploading stuff to your site via an FTP account with a user name<br>and password. <br></div></div>-- <br>Khalid M. Baheyeldin<br><a href="http://2bits.com">2bits.com</a>, Inc.<br><a href="http://2bits.com">http://2bits.com</a><br>
Drupal optimization, development, customization and consulting.<br>Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br>