[drupal-support] Restoring hacked site -- (Psychophobia backdoor)
puregin
puregin at puregin.org
Mon Jul 18 18:32:07 UTC 2005
On 18 Jul 2005, at 10:03 AM, Gerhard Killesreiter wrote:
>
> On Mon, 18 Jul 2005, Dan Baum wrote:
>
>> Can we be sure we're
>> not transferring any infected stuff if we copy the data from the old
>> mysql database?
>
> You never can be sure.
>
> If you were running 4.4, then only nodes of type page and book were
> allowed to contain php code. You need to check that no node contains
> php
> that somebody else put in there.
> This could possibly constitute a back door to your Drupal install and
> thus
> your server.
>
> Cheers,
> Gerhard
Also check
- no database users added; permissions are minimal
- make sure that no stored procedure/functions have been added
if you are using MySQL 5.
Regards,
Djun
More information about the drupal-support
mailing list