Update your website to the latest Drupal 7.32 release, as there are many Drupal 7 security releases after Drupal 7.21. https://www.drupal.org/node/3060/release?api_version%5B%5D=103
On Wed, Oct 29, 2014 at 12:47 PM, Ahilan Rajan <ahilan@vulcantechsoftware.com> wrote:
Hi,
I had installed Drupal 7.21 to run a simple website on my server. All seemed well till one day last week I started getting a huge amount of spam emails from the server which was hosting the website.
On further analysis of the postfix mail queue on the server, I found all the emails were generated by TWO php files (css76.php in the modules/panels/js directory and session.php in the sites/all/libraries/jquery.cycle directory). These two files were NEWLY created/injected files and seemed bogus, containing a number of symbols along with a base64_decode return statement.
Clearly my Drupal setup had been hacked and someone had successfully injected these files to send spam email (amongst other things, I presume).
I shut down the site, installed the Security Review and Hacked modules, carried out their recommendations, and also checked my file permissions via recommended scripts.
However I am still not sure what the entry point for this hack was in my setup and whether I am fully secure yet in this setup. Any suggestions or points in this regard would be highly appreciated.
Thanks, Drupal Newbie
-- [ Drupal support list | http://lists.drupal.org/ ]
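Added example, not written by either poster and not Drupal tooling: a Python scan for PHP files with the traits described in the original message (PHP sitting in script or asset directories, a `base64_decode` call, a long encoded string, and optionally a modification time after a known-good baseline). The indicator set, the `ASSET_DIRS` list, the `jquery` prefix rule and all function names are assumptions of this example; the sample files are constructed and inert.

```python
import re
import tempfile
from pathlib import Path

# Heuristics are this example's assumptions, not Drupal tooling.
DECODE_CALL = re.compile(rb"base64_decode\s*\(")
LONG_BLOB = re.compile(rb"[A-Za-z0-9+/=]{200,}")  # long encoded string literal
ASSET_DIRS = ("js", "css", "images")              # PHP is not expected here

def indicators(path, root, since=None):
    """Return the reasons a PHP file under root looks injected."""
    data = path.read_bytes()
    dirs = path.relative_to(root).parts[:-1]
    checks = {
        "php-in-asset-dir": any(d in ASSET_DIRS or d.startswith("jquery") for d in dirs),
        "base64_decode": bool(DECODE_CALL.search(data)),
        "long-encoded-blob": bool(LONG_BLOB.search(data)),
        "modified-after-baseline": since is not None and path.stat().st_mtime > since,
    }
    return [name for name, hit in checks.items() if hit]

def scan_tree(root, min_hits=2, since=None):
    """Map relative path -> indicators for *.php files with >= min_hits."""
    root, flagged = Path(root), {}
    for path in sorted(p for p in root.rglob("*.php") if p.is_file()):
        hits = indicators(path, root, since)
        if len(hits) >= min_hits:
            flagged[path.relative_to(root).as_posix()] = hits
    return flagged

def build_constructed_tree(root):
    """Write inert, constructed samples; the encoded text is 'ABC' repeated."""
    dropper = b"<?php return base64_decode('" + b"QUJD" * 80 + b"');"
    samples = {
        "modules/panels/js/css76.php": dropper,
        "sites/all/libraries/jquery.cycle/session.php": dropper,
        "index.php": b"<?php require 'includes/bootstrap.inc';",
        "modules/feed/parse.php": b"<?php $raw = base64_decode($field);",
    }
    for rel, body in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        print(scan_tree(tmp))
```

Requiring two indicators keeps a file that merely calls `base64_decode` out of the results; pass `since` as the epoch time of the last known-good deployment to add the modification-time indicator.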