Hello, I found the following in the Drupal system log. It looks like this is an intrusion via PHP or SQL. Apparently the attack failed. C Correct ? What should I do to enforce or correct the Drupal security ? Current version is latest 7.32 and it is reported 'Up to date' via drush. http://www.xxx.xxx|1415110013|php|103.228.71.39|http://www.xxx.xxx/?q=user/login/|http://www.xxx.xxx/?q=user/login/|0||Warning: mb_strlen() expects parameter 1 to be string, array given in drupal_strlen() (line 478 of /var/www/drupal7/includes/unicode.inc). http://www.xxx.xxx|1415110013|php|103.228.71.39|http://www.xxx.xxx/?q=user/login/|http://www.xxx.xxx/?q=user/login/|0||Warning: addcslashes() expects parameter 1 to be string, array given in DatabaseConnection->escapeLike() (line 984 of /var/www/drupal7/includes/database/database.inc). http://www.xxx.xxx|1415110013|php|103.228.71.39|http://www.xxx.xxx/?q=user/login/|http://www.xxx.xxx/?q=user/login/|0||PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' '111111' AND status = 1' at line 1: SELECT * FROM {users} WHERE name = :name_0, :name_1 AND status = 1; Array#012(#012 [:name_0] => admin#012 [:name_1] => 111111#012)#012 in user_login_authenticate_validate() (line 2149 of /var/www/drupal7/modules/user/user.module). Thanks for follow-up and help. Bruno