On 01/27/2010 08:09 PM, David Shaver wrote:
Sounds to me like Gumblar Virus; see this link: http://blog.scansafe.com/journal/2009/11/18/where-to-look-for-gumblar-backdo...
David A. Shaver
D. A. Shaver Web Design
Web Page Design for Small Business
www.dashaver.com
PO Box 594
Galesburg, IL 61402-0594
309.343.0027
On Wed, Jan 27, 2010 at 8:22 AM, Ken Rickard <agentrickard@gmail.com> wrote:
I had something similar happen on WordPress. It was a simple FTP (non-secure) password sniffer watching network traffic to the host. My site would get hacked within twenty minutes of making a change via FTP.
I finally forced the hosting provider to support SFTP for my account.
On Wed, Jan 27, 2010 at 7:14 AM, Adam Gregory <arcaneadam@gmail.com> wrote:
> This is more a server security issue rather than a Drupal one. I've seen
> this happen with Drupal, Joomla, WordPress and custom PHP code. It really
> most likely means that access to the server/host was compromised at some
> point.
>
> There are lots of things that can be done to prevent this like chmod/own-ing
> your file system correctly (as Gerhard touched on). This is also a good
> reason to use SFTP rather than FTP as passwords in SFTP are sent encrypted
> and FTP are not leaving them open to a man-in-the-middle attack.
>
> Ultimately though it's a good example of how Drupal can only go so far in
> keeping itself secure but there are still plenty of other ways outside
> Drupal's area of responsibility that your site can be compromised.
> -----
> Adam A. Gregory
> Drupal Developer & Consultant
> Web: AdamAGregory.com
> Twitter: twitter.com/adamgregory
> Phone: 910.808.1717
> Cell: 706.761.7375
>
>
> On Wed, Jan 27, 2010 at 6:53 AM, Fred Jones <fredthejonester@gmail.com>
> wrote:
>>
>> > I also wonder whether Drupal could be adjusted so as to automatically
>> > set file bootstrap.inc, and perhaps other critical ones, as read-only.
>> > So far it is done only with settings.php file.
>>
>> Well if they did it via FTP, that wouldn't help...
>>
>> F
--
Ken Rickard
agentrickard@gmail.com
http://ken.therickards.com
No Flame Wars, but using Linux prevents viruses ;)

--
Nilesh Govindarajan
Site & Server Administrator
www.itech7.com