[support] Drupal site hacked - new php files injected

Ahilan Rajan ahilan at vulcantechsoftware.com
Wed Oct 29 07:17:44 UTC 2014


Hi,

I had installed Drupal 7.21 to run a simple website on my server. All
seemed well till one day last week I started getting a huge amount of
spam emails from the server which was hosting the website.

On further analysis of the postfix mail queue on the server, I found
all the emails were generated by TWO php files (css76.php in the
modules/panels/js directory and session.php in the
sites/all/libraries/jquery.cycle directory). These two files were
NEWLY created/injected files and seemed bogus, containing a number of
symbols along with a base64_decode return statement.

Clearly my Drupal setup had been hacked and someone had successfully
injected these files to send spam email (amongst other things, I
presume).

I shut down the site, installed the Security Review and Hacked modules and
carried out their recommendations and also checked my file permissions
via recommended scripts.

However I am still not sure what the entry point for this hack was in
my setup and whether I am fully secure yet in this setup. Any
suggestions or points in this regard would be highly appreciated.

thanks
Drupal Newbie
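
A triage sketch for the situation described in the message above, added here as an example and not part of the original post or of the Security Review or Hacked modules: it walks a Drupal tree and lists PHP files that show at least two of the traits the post reports (a base64_decode call, a location inside an asset or library directory, a recent modification time). The directory names, the 30-day window and the two-signal threshold are assumptions.

```python
import os
import re
import time

# Heuristics are assumptions for this example, tuned to what the post describes.
DECODE_CALL = re.compile(rb"base64_decode\s*\(", re.IGNORECASE)
ASSET_DIRS = {"js", "css", "images", "img", "fonts", "libraries", "files"}


def suspicious_php(root, recent_days=30, now=None):
    """Return [(relative_path, [reasons])] for PHP files worth a manual look."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            reasons = []
            try:
                with open(path, "rb") as fh:
                    body = fh.read(2_000_000)  # cap the read for huge files
                mtime = os.stat(path).st_mtime
            except OSError as exc:
                # A PHP file the scanner cannot read is itself worth reporting.
                findings.append((rel, [f"unreadable: {exc.strerror}"]))
                continue
            if DECODE_CALL.search(body):
                reasons.append("calls base64_decode")
            if ASSET_DIRS & set(rel.split(os.sep)[:-1]):
                reasons.append("PHP file inside an asset/library directory")
            if now - mtime < recent_days * 86400:
                reasons.append(f"modified within {recent_days} days")
            # One signal alone is common in legitimate code; require two.
            if len(reasons) >= 2:
                findings.append((rel, reasons))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel, why in suspicious_php(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {'; '.join(why)}")
```

Modification times can be reset by whoever wrote the file, so treat the recency signal as a hint and compare flagged files against a pristine copy of the same release.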