> Is it a good security tip to monitor the integrity of Drupal sources by
> using MD5 hashes on the files ?
> Is there a known/efficient way to achieve this ?

http://drupal.org/project/md5check

But this is a drupal module, and thus pretty useless, because it is
part of the system that you're looking to stop being modified. Better
to just hash some files on cron or something if you care to leave your
drupal installation writeable by the web server.

Regards
Steven Jones
ComputerMinds ltd - Perfect Drupal Websites

Phone : 024 7666 7277
Mobile : 07702 131 576
Twitter : darthsteven
http://www.computerminds.co.uk



2010/1/27 Nicolas Tostin <nicolast@logis.com.mx>:

> Is it a good security tip to monitor the integrity of Drupal sources by
> using MD5 hashes on the files ?
> Is there a known/efficient way to achieve this ?
>
>
> ----- Original Message -----
> From: "Laura" <pinglaura@gmail.com>
> To: <development@drupal.org>
> Sent: Wednesday, January 27, 2010 9:53 AM
> Subject: Re: [development] Fully patched site hacked and cloaked
>
>
> On Jan 27, 2010, at Wed 1/27/10 4:45am, Gerhard Killesreiter wrote:
>
>> Were you able to determine the attach vector that was used to be able
>> to modify bootstrap.inc?
>
> I just saw this performed on a D5 site. Bootstrap.inc was indeed altered, an
> additional system.php file was inserted in the modules folder, and the
> pernicious (drug) website files were inserted into the cgi folder *above*
> the webroot. The code was sniffing passwords. Several files contained
> nothing but hashes.
>
> I mention this because if we see a pattern across many sites, this entire
> conversation should move to security reports offline.
>
> Laura
>
>