Hi Rob,
I have personally had experience with this type of attack, as it affected one of my production servers, where they got in from phpBB2. A simple upgrade fixed the problem.
If your hosting company keeps putting the squeeze on you for it, there's nothing you can do except tell them to upgrade their version of Drupal, because that's the way they're getting in.
Michael.
--- Rob rob@rwneill.com wrote:
The CPanel on my host only offers up to 4.6.3.
Rob
On 12/15/05, Morbus Iff morbus@disobey.com wrote:
My hosting company has twice recently claimed there are IRC hacking files in one of my accounts which uses Drupal. Has anyone had this experience or have any idea how they could be uploaded into my account like that? Is there a security hole in Drupal that could cause this?
It's entirely possible if you're still using a version of Drupal that has the XML-RPC bug (upgrade to 4.6.5, please!) - someone could easily have done it (I've seen the attack numerous times against numerous apps).
-- Morbus Iff ( you are nothing without your robot car, NOTHING! )
Culture: http://www.disobey.com/ and O'Reilly Author, Weblog, Cook: http://www.oreillynet.com/pub/au/779
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
-- [ Drupal support list | http://lists.drupal.org/ ]