Is it a good security tip to monitor the integrity of Drupal sources by using MD5 hashes on the files ? Is there a known/efficient way to achieve this ? ----- Original Message ----- From: "Laura" <pinglaura@gmail.com> To: <development@drupal.org> Sent: Wednesday, January 27, 2010 9:53 AM Subject: Re: [development] Fully patched site hacked and cloaked On Jan 27, 2010, at Wed 1/27/10 4:45am, Gerhard Killesreiter wrote:
Were you able to determine the attach vector that was used to be able to modify bootstrap.inc?
I just saw this performed on a D5 site. Bootstrap.inc was indeed altered, an additional system.php file was inserted in the modules folder, and the pernicious (drug) website files were inserted into the cgi folder *above* the webroot. The code was sniffing passwords. Several files contained nothing but hashes. I mention this because if we see a pattern across many sites, this entire conversation should move to security reports offline. Laura