[support] IRC Hacking Files
Michael Mansour
micoots at yahoo.com
Tue Dec 27 01:14:33 UTC 2005
Hi Rob,
I have personally had experience with this type of
attack, as it affected one of my production servers,
where they got in from phpBB2. A simple upgrade fixed
the problem.
If your hosting company keeps putting the squeeze on
you for it, there's nothing you can do except tell
them to upgrade their version of drupal, because
that's the way they're getting in.
Michael.
--- Rob <rob at rwneill.com> wrote:
> The CPanel on my host only offers up to 4.6.3.
>
> Rob
>
> On 12/15/05, Morbus Iff <morbus at disobey.com> wrote:
> >
> > > My hosting company has twice recently claimed
> there are IRC hacking
> > > files in one of my accounts which uses Drupal.
> Has anyone had this
> > > experience or have any idea how they could be
> uploaded into my account
> > > like that? Is there a security hole in Drupal
> that could cause this?
> >
> > It's entirely possible if you're still using a
> version of Drupal that has
> > the XML-RPC bug (upgrade to 4.6.5, please!) -
> someone could easily have
> > done it (I've seen the attack numerous times
> against numerous apps).
> >
> > --
> > Morbus Iff ( you are nothing without your robot
> car, NOTHING! )
> > Culture: http://www.disobey.com/ and
> http://www.gamegrene.com/
> > O'Reilly Author, Weblog, Cook:
> http://www.oreillynet.com/pub/au/779
> > icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff
> / jabber.org: morbus
> > --
> > [ Drupal support list | http://lists.drupal.org/ ]
> >
> > --
> [ Drupal support list | http://lists.drupal.org/ ]
Send instant messages to your online friends http://au.messenger.yahoo.com
More information about the support
mailing list