The only place where Drupal deploys FTP is in the updates system. Given that this system requires that you have the permissions to use it I think it is safe to say that Drupal was not compromised to provide access to FTP. <div>
<br></div><div>FTP is not a secure protocol and should be avoided.</div><div><br></div><div>If the only file that was changed out what a new index.php than this does not sound like any type of Drupal attack either. </div>
<div><br></div><div>I think it is safe to say that Drupal was not the cause of this unless you have something specific in your logs that shows otherwise. </div><div><br></div><div>Hope this helps you.</div><div><br></div>
<div>-Steve</div><div><br><div class="gmail_quote">On Thu, Oct 25, 2012 at 8:06 PM, <span dir="ltr"><<a href="mailto:lamp@afan.net" target="_blank">lamp@afan.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
My development website (Drupal 7.15) setup 2 weeks ago. Only View and<br>
Chaos Tools Suite Modules installed.<br>
I contacted hosting company and they said it's compromised through FTP<br>
-what I don't believe (if it's truth I'm really screwed because there is<br>
tons of other sites too :( )<br>
I got "Security update" message but, since it's development website, I<br>
wasn't rushin'<br>
<br>
What's chances it's really FTP or something else? No other problems but<br>
"new" index page. Though, they could "planted" something?<br>
<br>
Suggestions?<br>
<br>
Thanks for any help,<br>
LAMP<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>Steve Kessler<div>Owner and Lead Consultant </div><div>Denver DataMan, LLC </div><div>303-587-4428</div><br>
</div>