[support] Site Hacked
Roger
arelem at bigpond.com
Sat Oct 27 01:20:16 UTC 2012
Hi,
My development website (Drupal 7.15) setup 2 weeks ago.
Only View and Chaos Tools Suite Modules installed. I contacted hosting
company and they said it's compromised through FTP -what I don't believe
(if it's truth I'm really screwed because there is tons of other sites
too :( ) I got "Security update" message but, since it's development
website, I wasn't rushin' What's chances it's really FTP or something
else? No other problems but "new" index page. Though, they could
"planted" something?
We too had very noticable attempts 2-3 weeks ago on one of our Drupal 7
sites.
If anyone guesses your user name and password your'e stuffed. I had that
almost happen. Caught it just in time
We also had our previous Drupal 6 site hacked with some nasty code
implanted into the drupal /includes system files. They got in thru the
server. The isp is still in denial.
Check your drupal logs/reports to see who has got in and how., regularly
clean out the logs so you have fresh access detail.
I suggest, delete everything on site, very difficult if you only have
ftp or cpanel. Clean the site, use a new 18-25 character root password
using the most convoluted range of ascii characters you can think of.
Never type this when logging in as admin-- copy and paste. Never email
the user or password to any one in the same email.
Reinstall the full Drupal site and use similarly complex admin password.
BE careful....... Drupal locks out your IP address if you enter the
incorrect user name or password, I think it's 5 times but am not sure.
It happened to me after 3 times.
Hope this helps
Roger
More information about the support
mailing list