[support] Cleaning up from the Oct. 15th hack.
Muzaffer Tolga Ozses
tolga at ozses.net
Fri Oct 31 17:52:34 UTC 2014
In my case, attackers had created a role called drupaldev and a user called
megauser belonging to that role.
On 31 Oct 2014 19:47, "Metzler, David" <metzlerd at evergreen.edu> wrote:
> It’s not complete but I’ve heard of people using:
>
>
>
> https://www.drupal.org/project/drupalgeddon
>
>
>
> To help get a handle on the files cleanup. I haven’t heard anything about
> db yet, but there are some useful links on the project page.
>
>
>
>
>
> Good Luck,
>
>
>
> Dave
>
>
>
>
>
> *From:* support-bounces at drupal.org [mailto:support-bounces at drupal.org] *On
> Behalf Of *Patrick Avella
> *Sent:* Friday, October 31, 2014 10:04 AM
> *To:* support at drupal.org
> *Subject:* [support] Cleaning up from the Oct. 15th hack.
>
>
>
> Hi, I maintain around 60 multisites that got hacked like all sites on the
> 15th. Has anyone developed a method of cleaning out the database for
> malicious code? The file system I can handle on my own.
>
> PSA chances are you were hacked on Oct 15th please visit Drupal.org to
> learn more.
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20141031/4bcb0121/attachment.html
More information about the support
mailing list