<p dir="ltr">Also make sure that ftp access is secure. Monitor which accounts have write permissions. Always use most secure versions of drupal.</p>
<div class="gmail_quote">On 29 Oct 2014 03:26, "Ahilan Rajan" <<a href="mailto:ahilan@vulcantechsoftware.com">ahilan@vulcantechsoftware.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_quote">Hi,<br>
<br>
I had installed drupal 7.21 to run a simple website on my server. All<br>
seemed well till one day last week I started getting huge amount of<br>
spam emails from the server which was hosting the website.<br>
<br>
On further analysis of the postfix mail queue on the server, I found<br>
all the emails were generated by TWO php files (css76.php in the<br>
modules/panels/js directory and session.php in the<br>
sites/all/libraries/jquery.cycle directory) . These two files were<br>
NEWLY created/injected files and seemed bogus containing a number of<br>
symbols along with a base64_decode return statement.<br>
<br>
Clearly my drupal setup had been hacked and someone had successfully<br>
injected these files to send spam email (amongst other things I<br>
presume)<br>
<br>
I shutdown the site, installed Security Review and Hacked modules and<br>
carried out their recommendations and also checked my file permissions<br>
via recommended scripts.<br>
<br>
However I am still not sure what the entry point for this hack was in<br>
my setup and whether I am fully secure yet in this setup. Any<br>
suggestions or points in this regard would be highly appreciated.<br>
<br>
thanks<br>
Drupal Newbie<br>
</div><br>
</div>
<br>--<br>
[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br></blockquote></div>