Meanwhile, I found the culprit:
On monday, I've had a malware on my PC. Suddenly, while
visiting a website (I do not remember him anymore), my java started working and
I had a malware on my PC. After 30 minutes, I managed to get it deleted
from my PC, but the harm was done.
I was using filezilla and there, the passwords are stored in a
simple text-file. This textfile has been sent to somewhere in Russia and then
the sites were hacked with that information.
30 minutes are already enough to do this many harm. Shame on
me, because my antivirus was complaining and I clicked Ignore instead of
Heal....
Thanks everybody
Steven
I googled some
of the code and found
this:
http://blog.bigg.net/2009/12/gnu-gpl-trywindow-onload-functionvar-trojan-fix/
-----
Original Message -----
From: steven@vermoere.net
To:
support@drupal.org
Sent: Wednesday, December 30, 2009 9:58:50 AM GMT -05:00
US/Canada Eastern
Subject: Re: [support] Hacked or not
I'll check
it ASAP, but I do not see anything special at this moment. I'll
keep you
informed.
Thanks
>> I checked the other websites that I have
and they all have the same
>> problem.
>>
>> They are
however all at other hosting companies. All usernames and
>> passwords
are different and are composed of random characters (capitals,
>>
numbers, non-capitals).
>> All Drupalversions are also different (1
most recent, other one 5,
>> another
>> one 6)
>> I
find it difficult to believe that all sites are hacked at the same
>>
time,
>> with all different hosters at different
locations.
>
> Sounds like your PC has been comprised and someone
has access to all
> FTP accounts stored there. I would run a very thorough
check on your
> local machines for viruses and/or other unwanted
nasties.
>
> F
> --
> [ Drupal support list |
http://lists.drupal.org/ ]
>
--
[ Drupal support list |
http://lists.drupal.org/ ]