[support] My Drupal 7.15 just hacked :(

Walt Daniels wdlists at gmail.com
Fri Oct 26 03:14:17 UTC 2012 

I assume you have changed your FTP password and most other passwords
associated with the site, e.g. if they FTPed then they could have grabbed
the settings.php file and have your database password.

Unless the password was easy to guess, it is likely that some virus scraped
it off your home/work machine so any other passwords there need to be
changed.

On Thu, Oct 25, 2012 at 10:33 PM, Steve Kessler
<skessler at denverdataman.com>wrote:

> The only place where Drupal deploys FTP is in the updates system. Given
> that this system requires that you have the permissions to use it I think
> it is safe to say that Drupal was not compromised to provide access to FTP.
>
>
> FTP is not a secure protocol and should be avoided.
>
> If the only file that was changed out what a new index.php than this does
> not sound like any type of Drupal attack either.
>
> I think it is safe to say that Drupal was not the cause of this unless you
> have something specific in your logs that shows otherwise.
>
> Hope this helps you.
>
> -Steve
>
> On Thu, Oct 25, 2012 at 8:06 PM, <lamp at afan.net> wrote:
>
>> Hi,
>> My development website (Drupal 7.15) setup 2 weeks ago. Only View and
>> Chaos Tools Suite Modules installed.
>> I contacted hosting company and they said it's compromised through FTP
>> -what I don't believe (if it's truth I'm really screwed because there is
>> tons of other sites too :( )
>> I got "Security update" message but, since it's development website, I
>> wasn't rushin'
>>
>> What's chances it's really FTP or something else? No other problems but
>> "new" index page. Though, they could "planted" something?
>>
>> Suggestions?
>>
>> Thanks for any help,
>> LAMP
>>
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
>>
>
>
>
> --
> Steve Kessler
> Owner and Lead Consultant
> Denver DataMan, LLC
> 303-587-4428
>
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20121025/923b2e4c/attachment.html

More information about the support mailing list