-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adam Gregory schrieb:
This is more a server security issue rather than a Drupal one. I've seen this happen with Drupal, Joomla, Wordpress and custom PHP code. It really most likely means that access to the server/host was compromised at some point.
There are lost of things that can be done to prevent this like chmod/own-ing your file system correctly(As Gerhard touched on). This is also a good reason to use SFTP rather then FTP as passwords in SFTP are sent encrypted and FTP are not leaving them open to a *man-in-the-middle attack.*
People still using FTP in 2010 should be shot on sight. Cheers, Gerhard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktgTlgACgkQfg6TFvELooRIfwCgwXmcYXDzZUotmMu7IwYCDa3s T84An0Indo7tLq2M5RsoY7JlwsM0yhkw =cMDj -----END PGP SIGNATURE-----