[support] Site Hacked

[Roger]

Hi,
  My development website (Drupal 7.15) setup 2 weeks ago.
Only View and Chaos Tools Suite Modules installed. I contacted hosting 
company and they said it's compromised through FTP -what I don't believe 
(if it's truth I'm really screwed because there is tons of other sites 
too :( ) I got "Security update" message but, since it's development 
website, I wasn't rushin' What's chances it's really FTP or something 
else? No other problems but "new" index page. Though, they could 
"planted" something?


We too had very noticable attempts 2-3 weeks ago on one of our Drupal 7 
sites.
If anyone guesses your user name and password your'e stuffed. I had that 
almost happen. Caught it just in time

We also had our previous Drupal 6 site hacked with some nasty code 
implanted into the drupal /includes system files. They got in thru the 
server. The isp is still in denial.

Check your drupal logs/reports to see who has got in and how., regularly 
clean out the logs so you have fresh access detail.

I suggest, delete everything on site, very difficult if you only have 
ftp or cpanel.  Clean the site, use a new 18-25 character root password 
using the most convoluted range of ascii characters you can think of. 
Never type this when logging in as admin-- copy and paste. Never email 
the user or password to any one in the same email.

Reinstall the full Drupal site and use similarly complex admin password.

BE careful....... Drupal locks out your IP address if you enter the 
incorrect user name or password, I think it's 5 times but am not sure. 
It happened to me after 3 times.

Hope this helps
Roger