[support] My Drupal 7.15 just hacked :(
Steve Kessler
skessler at denverdataman.com
Fri Oct 26 02:33:12 UTC 2012
The only place where Drupal deploys FTP is in the updates system. Given
that this system requires that you have the permissions to use it I think
it is safe to say that Drupal was not compromised to provide access to FTP.
FTP is not a secure protocol and should be avoided.
If the only file that was changed out what a new index.php than this does
not sound like any type of Drupal attack either.
I think it is safe to say that Drupal was not the cause of this unless you
have something specific in your logs that shows otherwise.
Hope this helps you.
-Steve
On Thu, Oct 25, 2012 at 8:06 PM, <lamp at afan.net> wrote:
> Hi,
> My development website (Drupal 7.15) setup 2 weeks ago. Only View and
> Chaos Tools Suite Modules installed.
> I contacted hosting company and they said it's compromised through FTP
> -what I don't believe (if it's truth I'm really screwed because there is
> tons of other sites too :( )
> I got "Security update" message but, since it's development website, I
> wasn't rushin'
>
> What's chances it's really FTP or something else? No other problems but
> "new" index page. Though, they could "planted" something?
>
> Suggestions?
>
> Thanks for any help,
> LAMP
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
--
Steve Kessler
Owner and Lead Consultant
Denver DataMan, LLC
303-587-4428
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20121025/6e997e8c/attachment.html
More information about the support
mailing list