Laura wrote:
> On Jan 27, 2010, at Wed 1/27/10 4:45am, Gerhard Killesreiter wrote:
>> Were you able to determine the attack vector that was used to be able to modify bootstrap.inc?
>
> I just saw this performed on a D5 site. Bootstrap.inc was indeed altered, an additional system.php file was inserted in the modules folder, and the pernicious (drug) website files were inserted into the cgi folder *above* the webroot. The code was sniffing passwords.

You mean the code was sniffing the passwords that the users entered into the Drupal site?

> Several files contained nothing but hashes.

Password hashes? Or were these obfuscated scripts? Feel free to send them to me in private.

Cheers,
Gerhard