Thanks Dave and Muzzafer, I got a syntax error from drush when installing the drupgeddon module.

Has anyone been able to list when common files and avenues the attack hit yet? While we all know we got hacked, there seems to be no clear description of the contents of the attack besides what's initially visible (drupal mega role, evilevily, etc)

On Fri, Oct 31, 2014 at 1:44 PM, Metzler, David <metzlerd@evergreen.edu> wrote:

It’s not complete but I’ve heard of people using:

https://www.drupal.org/project/drupalgeddon

To help get a handle on the files cleanup. I haven’t heard anything about db yet, but there are some useful links on the project page.

Good Luck,

Dave

From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Patrick Avella
Sent: Friday, October 31, 2014 10:04 AM
To: support@drupal.org
Subject: [support] Cleaning up from the Oct. 15th hack.

Hi, I maintain around 60 multisites that got hacked like all sites on the 15th. Has anyone developed a method of cleaning out the database for malicious code? The file system I can handle on my own.

PSA chances are you were hacked on Oct 15th please visit Drupal.org to learn more.

--
[ Drupal support list | http://lists.drupal.org/ ]