This is more a server security issue rather than a Drupal one. I&#39;ve seen this happen with Drupal, Joomla, Wordpress and custom PHP code. It really most likely means that access to the server/host was compromised at some point.<br>

<br>There are lost of things that can be done to prevent this like chmod/own-ing your file system correctly(As Gerhard touched on). This is also a good reason to use SFTP rather then FTP as passwords in SFTP are sent encrypted and FTP are not leaving them open to a <b>man-in-the-middle attack.</b><br>

<br>Ultimately though it&#39;s a good example of how Drupal can only go so far in keeping itself secure but there are still plenty of other ways out side Drupals area of responsibility that your site can be compromised.<br clear="all">

-----<br>Adam A. Gregory<br>Drupal Developer &amp; Consultant<br>Web: AdamAGregory.com<br>Twitter: <a href="http://twitter.com/adamgregory">twitter.com/adamgregory</a><br>Phone: 910.808.1717<br>Cell: 706.761.7375<br>
<br><br><div class="gmail_quote">On Wed, Jan 27, 2010 at 6:53 AM, Fred Jones <span dir="ltr">&lt;<a href="mailto:fredthejonester@gmail.com">fredthejonester@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

<div class="im">&gt; I also wonder whether Drupal could be adjusted so as to automatically set<br>
&gt; file bootstrap.inc, and perhaps other critical ones, as read-only. So far it<br>
&gt; is done only with settings.php file.<br>
<br>
</div>Well if they did it via FTP, that wouldn&#39;t help...<br>
<font color="#888888"><br>
F<br>
</font></blockquote></div><br>