I assume you have changed your FTP password and most other passwords associated with the site, e.g. if they FTPed then they could have grabbed the settings.php file and have your database password.
Unless the password was easy to guess, it is likely that some virus scraped it off your home/work machine so any other passwords there need to be changed.
On Thu, Oct 25, 2012 at 10:33 PM, Steve Kessler skessler@denverdataman.comwrote:
The only place where Drupal deploys FTP is in the updates system. Given that this system requires that you have the permissions to use it I think it is safe to say that Drupal was not compromised to provide access to FTP.
FTP is not a secure protocol and should be avoided.
If the only file that was changed out what a new index.php than this does not sound like any type of Drupal attack either.
I think it is safe to say that Drupal was not the cause of this unless you have something specific in your logs that shows otherwise.
Hope this helps you.
-Steve
On Thu, Oct 25, 2012 at 8:06 PM, lamp@afan.net wrote:
Hi, My development website (Drupal 7.15) setup 2 weeks ago. Only View and Chaos Tools Suite Modules installed. I contacted hosting company and they said it's compromised through FTP -what I don't believe (if it's truth I'm really screwed because there is tons of other sites too :( ) I got "Security update" message but, since it's development website, I wasn't rushin'
What's chances it's really FTP or something else? No other problems but "new" index page. Though, they could "planted" something?
Suggestions?
Thanks for any help, LAMP
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Steve Kessler Owner and Lead Consultant Denver DataMan, LLC 303-587-4428
-- [ Drupal support list | http://lists.drupal.org/ ]