[support] Site Hacked

[ALLAHBAKASH ALLAHBAKASH]

Pl go to drupal support and give your details and report them about
hacking better change admin password

On 10/27/12, Roger <arelem at bigpond.com> wrote:
> Hi,
>   My development website (Drupal 7.15) setup 2 weeks ago.
> Only View and Chaos Tools Suite Modules installed. I contacted hosting
> company and they said it's compromised through FTP -what I don't believe
> (if it's truth I'm really screwed because there is tons of other sites
> too :( ) I got "Security update" message but, since it's development
> website, I wasn't rushin' What's chances it's really FTP or something
> else? No other problems but "new" index page. Though, they could
> "planted" something?
>
>
> We too had very noticable attempts 2-3 weeks ago on one of our Drupal 7
> sites.
> If anyone guesses your user name and password your'e stuffed. I had that
> almost happen. Caught it just in time
>
> We also had our previous Drupal 6 site hacked with some nasty code
> implanted into the drupal /includes system files. They got in thru the
> server. The isp is still in denial.
>
> Check your drupal logs/reports to see who has got in and how., regularly
> clean out the logs so you have fresh access detail.
>
> I suggest, delete everything on site, very difficult if you only have
> ftp or cpanel.  Clean the site, use a new 18-25 character root password
> using the most convoluted range of ascii characters you can think of.
> Never type this when logging in as admin-- copy and paste. Never email
> the user or password to any one in the same email.
>
> Reinstall the full Drupal site and use similarly complex admin password.
>
> BE careful....... Drupal locks out your IP address if you enter the
> incorrect user name or password, I think it's 5 times but am not sure.
> It happened to me after 3 times.
>
> Hope this helps
> Roger
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>