[drupal-support] Restoring hacked site -- (Psychophobia backdoor)
Gerhard Killesreiter
killesreiter at physik.uni-freiburg.de
Mon Jul 18 17:03:30 UTC 2005
On Mon, 18 Jul 2005, Dan Baum wrote:
> Two questions for the helpful folks on this list:
>
> a) Our version of Drupal was about 1.5 years old. Will the new version
So most likely it was 4.4.
> prevent this sort of thing?
Yes.
> Do we need to install a different version
> of PHP, or will the files that need updating be in the Drupal package?
Drupal
> b) In any case we will take the "opportunity" to install the latest
> version of Drupal. We do not have a "pristine" local backup. Is there
> a painless and *secure* way to transfer the content from the old site
> (remember, our version is about 1.5 years old)?
You should do the transfer as follows:
put your database backup into a db
Install Drupal 4.5 locally with that db
upgrade the db
install Drupal 4.6
upgrade
> Can we be sure we're
> not transferring any infected stuff if we copy the data from the old
> mysql database?
You never can be sure.
If you were running 4.4, then only nodes of type page and book were
allowed to contain php code. You need to check that no node contains php
that somebody else put in there.
This could possibly constitute a back door to your Drupal install and thus
your server.
Cheers,
Gerhard
More information about the drupal-support
mailing list