<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Change your server passwords too.
There's a chance they could have got a hold of your password
somehow and just uploaded the file through ftp/sftp.<br>
<pre class="moz-signature" cols="72">Jamie Holly
<a class="moz-txt-link-freetext" href="http://hollyit.net">http://hollyit.net</a></pre>
On 12/12/2013 2:42 PM, Info Razor wrote:<br>
</div>
<blockquote cite="mid:FB6691FF0AD1468FB60BC70F18AB2FF0@gmail.com"
type="cite">
<div> Hello, </div>
<div><br>
</div>
<div>I just got one site hacked by this user:</div>
<div><br>
</div>
<div><a class="moz-txt-link-freetext" href="http://www.youtube.com/channel/UCjDqea5YaXQe8N77N5SPqaQ">http://www.youtube.com/channel/UCjDqea5YaXQe8N77N5SPqaQ</a></div>
<div><br>
</div>
<div>Or at least that's what his file says in my public_html
folder. There is a text file with inside of it, taking credit
for the entry:</div>
<div><br>
</div>
<div>HACKED BY <a class="moz-txt-link-abbreviated" href="mailto:XZADX-xzadx@jabber.org">XZADX-xzadx@jabber.org</a></div>
<div><br>
</div>
<div>Is this hack fixed by the recent update 6.29?</div>
<div><br>
</div>
<div>Or is this a different sort of attack? I tried to google this
but didn't find any reported connections to this tagline, but I
did find at least a few other Drupal sites with this text file
in it when I google for it.</div>
<div><br>
</div>
<div>I changed all my database user names and passwords, htaccess
checked in all the file/tmp folders, are there other precautions
necessary?</div>
<div><br>
</div>
<div>Thanks.</div>
<div>
<div><br>
</div>
<div>-- </div>
<div>Info Razor</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>