The only place where Drupal deploys FTP is in the updates system. Given that this system requires that you have the permissions to use it I think it is safe to say that Drupal was not compromised to provide access to FTP.  <div>

<br></div><div>FTP is not a secure protocol and should be avoided.</div><div><br></div><div>If the only file that was changed out what a new index.php than this does not sound like any type of Drupal attack either.  </div>

<div><br></div><div>I think it is safe to say that Drupal was not the cause of this unless you have something specific in your logs that shows otherwise. </div><div><br></div><div>Hope this helps you.</div><div><br></div>

<div>-Steve</div><div><br><div class="gmail_quote">On Thu, Oct 25, 2012 at 8:06 PM,  <span dir="ltr">&lt;<a href="mailto:lamp@afan.net" target="_blank">lamp@afan.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Hi,<br>
My development website (Drupal 7.15) setup 2 weeks ago. Only View and<br>
Chaos Tools Suite Modules installed.<br>
I contacted hosting company and they said it&#39;s compromised through FTP<br>
-what I don&#39;t believe (if it&#39;s truth I&#39;m really screwed because there is<br>
tons of other sites too :( )<br>
I got &quot;Security update&quot; message but, since it&#39;s development website, I<br>
wasn&#39;t rushin&#39;<br>
<br>
What&#39;s chances it&#39;s really FTP or something else? No other problems but<br>
&quot;new&quot; index page. Though, they could &quot;planted&quot; something?<br>
<br>
Suggestions?<br>
<br>
Thanks for any help,<br>
LAMP<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>Steve Kessler<div>Owner and Lead Consultant </div><div>Denver DataMan, LLC </div><div>303-587-4428</div><br>
</div>