The only place where Drupal deploys FTP is in the updates system. Given that this system requires that you have the permissions to use it I think it is safe to say that Drupal was not compromised to provide access to FTP.
FTP is not a secure protocol and should be avoided.
If the only file that was changed out what a new index.php than this does not sound like any type of Drupal attack either.
I think it is safe to say that Drupal was not the cause of this unless you have something specific in your logs that shows otherwise.
Hope this helps you.
-Steve
On Thu, Oct 25, 2012 at 8:06 PM, lamp@afan.net wrote:
Hi, My development website (Drupal 7.15) setup 2 weeks ago. Only View and Chaos Tools Suite Modules installed. I contacted hosting company and they said it's compromised through FTP -what I don't believe (if it's truth I'm really screwed because there is tons of other sites too :( ) I got "Security update" message but, since it's development website, I wasn't rushin'
What's chances it's really FTP or something else? No other problems but "new" index page. Though, they could "planted" something?
Suggestions?
Thanks for any help, LAMP
-- [ Drupal support list | http://lists.drupal.org/ ]