Hi David,
You asked for a monitoring solution that will alert you if your site is modified or gets hacked/with malware.
You could try http://sucuri.net. That's exactly what it does :)
As far as your malware problem, we are seeing a large number of desktop virus stealing FTP/SFTP credentials stored on FTP/SFTP clients. Have you changed your password? Are you running a good AV as well?
Thanks,
(Not sure if there's a better place to ask this)
My Drupal site was hacked recently. index.php was modified at the top to include another file which was a static page with a lot of nonsense about Cialis but also had a nasty <?php eval(gzinflate(base64_decode([string])) ?> at the bottom.
I don't know whether it was a Drupal issue: I was running 6.14 and had a couple of modules that were one step behind on upgrading, but nothing that seemed too dangerous. All vistiors to my site are anonymous and can't upload any files etc.
My site is hosted on Rackspace Cloud Sites and I use SFTP. I'm not aware of anything dodgy on my local system (Kaspersky doesn't report anything).
I've edited index.php and deleted a few files I have found on the site.
I've changed my FTP password.
Is there anything I can do on a production site to make sure this doesn't happen again? Without knowing where the attack came from I'm a bit concerned. Would copying index.php to (say) front.php, get htaccess to use that as the default page, and create a dummy index.php fool an automated attack? Probably not.
Alternatively, does anyone know of a good monitoring service that would text me if a page on a site changes, so at least I know straightaway if this happens again, rather than it being up over a weekend.