Re: [drupal-support] Restoring hacked site -- (Psychophobia backdoor)

On 18 Jul 2005, at 10:03 AM, Gerhard Killesreiter wrote:

On Mon, 18 Jul 2005, Dan Baum wrote:

...

Can we be sure we're not transferring any infected stuff if we copy the data from the old mysql database?

You never can be sure.

If you were running 4.4, then only nodes of type page and book were allowed to contain php code. You need to check that no node contains php that somebody else put in there. This could possibly constitute a back door to your Drupal install and thus your server.

Cheers, Gerhard

Also check - no database users added; permissions are minimal - make sure that no stored procedure/functions have been added if you are using MySQL 5.

Regards, Djun