<div>Hi,</div><div><br></div><div>as I'm new to Drupal, I used Drupal Gardens in a first time and now I've imported my website directly to my server.</div><div><br></div><div>The problem I have is that for the second time in 2 weeks my copyright image in the bottom of my website site is "hacked"...</div>
<div>You can see it here : <a href="http://www.chab.info">www.chab.info</a></div><div><br></div><div>Nothing else changed. Last week when I happened I changed my drupal admin and mysql password and I added restrictive rules in my firewall (iptables), however it happened again !</div>
<div><br></div><div>Now Drupal want to search the copyright image in a china server :</div><div><a href="http://58.218.204.110/sites/default/files/styles/large/public/copyright_0.png">http://58.218.204.110/sites/default/files/styles/large/public/copyright_0.png</a></div>
<meta http-equiv="content-type" content="text/html; charset=utf-8"><div><br></div><div>instead of</div><div><a href="http://www.chab.info/sites/default/files/styles/large/public/copyright_0.png">http://www.chab.info/sites/default/files/styles/large/public/copyright_0.png</a></div>
<div><br></div><div>To correct it last time, I just edit the copyright block and validated it again with no change and it corrected the path.</div><div><br></div><div>I already have fail2ban and a good security level for apache (in my opinion), so I don't know what to do now ?</div>
<div>Thanks in advance to give me any idea, comment ?</div><div><br></div><div>It seems (see logs below) that this chinese server want to see if I have a proxy running (I don't). But why and HOW did it change my website content ???</div>
<div><br></div><div>Here are the apache's logs (errors) :</div><div>58.218.204.110 - - [13/Mar/2011:15:49:51 +0100] "GET <a href="http://98.126.15.13/proxyheader.php">http://98.126.15.13/proxyheader.php</a> HTTP/1.1" 404 25195 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [14/Mar/2011:12:30:38 +0100] "GET <a href="http://www.eduju.com/proxyheader.php">http://www.eduju.com/proxyheader.php</a> HTTP/1.1" 404 25219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [14/Mar/2011:16:37:02 +0100] "GET <a href="http://www.mtajp.com/proxyheader.php">http://www.mtajp.com/proxyheader.php</a> HTTP/1.1" 404 25219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [14/Mar/2011:20:45:36 +0100] "GET <a href="http://98.126.64.106/judge123.php">http://98.126.64.106/judge123.php</a> HTTP/1.1" 404 25204 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [15/Mar/2011:00:52:37 +0100] "GET <a href="http://www.cjpjp.com/proxyheader.php">http://www.cjpjp.com/proxyheader.php</a> HTTP/1.1" 404 25219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [15/Mar/2011:04:59:41 +0100] "GET <a href="http://www.cjpjp.com/proxyheader.php">http://www.cjpjp.com/proxyheader.php</a> HTTP/1.1" 404 25219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [15/Mar/2011:13:18:18 +0100] "GET <a href="http://www.foodnese.com/indux.php">http://www.foodnese.com/indux.php</a> HTTP/1.1" 404 25285 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [15/Mar/2011:17:24:56 +0100] "GET <a href="http://www.mtajp.com/proxyheader.php">http://www.mtajp.com/proxyheader.php</a> HTTP/1.1" 404 25218 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [16/Mar/2011:05:51:12 +0100] "GET <a href="http://58.218.199.147:7182/judge.php">http://58.218.199.147:7182/judge.php</a> HTTP/1.1" 404 25225 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [17/Mar/2011:02:32:28 +0100] "GET <a href="http://58.218.204.110:7182/judge.php">http://58.218.204.110:7182/judge.php</a> HTTP/1.1" 404 25225 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [17/Mar/2011:23:11:37 +0100] "GET <a href="http://ppcfinder.net/judge.php">http://ppcfinder.net/judge.php</a> HTTP/1.1" 404 25188 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [18/Mar/2011:15:45:51 +0100] "GET <a href="http://www.eduju.com/proxyheader.php">http://www.eduju.com/proxyheader.php</a> HTTP/1.1" 404 25218 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [19/Mar/2011:04:11:31 +0100] "GET <a href="http://www.shopsline.com/proxyheader.php">http://www.shopsline.com/proxyheader.php</a> HTTP/1.1" 404 25346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>
<div>58.218.204.110 - - [19/Mar/2011:12:26:38 +0100] "GET <a href="http://58.218.204.110:7182/judge.php">http://58.218.204.110:7182/judge.php</a> HTTP/1.1" 404 25226 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"</div>