The body of many many nodes seemed to have been appended with a whole lot of html content by a hacker - via a script The content is appended with the html tag
which has lead to this content being there while not visible when the node is displayed.
This content is being appended to even new nodes being created! - as if some script is running. How do i stop this?
See what is being added to each node in the attached text file
Also now when i access the website - i get the following error at the top
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 995
Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 596
Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 597
Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 598
Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 599 ); ?> ); ?>
http://www.nabble.com/file/p23020939/html%2Bforeign%2Bcontent.txt html+foreign+content.txt
I sorry to hear that your site was defaced. It sounds like someone altered your index.php
Please see http://drupal.org/security/secure-configuration and perhaps http://drupal.org/node/213320
Regards, Greg
On Mon, Apr 13, 2009 at 5:16 AM, geniekids ratadi2@gmail.com wrote:
The body of many many nodes seemed to have been appended with a whole lot of html content by a hacker - via a script The content is appended with the html tag which has lead to this content being there while not visible when the node is displayed. This content is being appended to even new nodes being created! - as if some script is running. How do i stop this? See what is being added to each node in the attached text file Also now when i access the website - i get the following error at the top Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 995 Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 596 Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 597 Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 598 Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 599 ); ?> ); ?> html+foreign+content.txt ________________________________ View this message in context: website or database seemed to be hacked - help!! Sent from the Drupal - Support mailing list archive at Nabble.com.
-- [ Drupal support list | http://lists.drupal.org/ ]
Thanks Greg fpor your support. It seemed like a worm attack and i am still trying ot figure out if this was due to my settings or the host provider's insecurity ( my site is on a shared host) The links you provided are helping - and after thsi FIRST attack i have been "woken up" and noticing how important the security issue can be!
So i had to delete the whole of drupal installation and themes and modules files and copy fresh files and finally everything seems to work fine now :-) (the database luckily was untouched)
Greg Knaddison wrote:
I sorry to hear that your site was defaced. It sounds like someone altered your index.php
Please see http://drupal.org/security/secure-configuration and perhaps http://drupal.org/node/213320
Regards, Greg
On Mon, Apr 13, 2009 at 5:16 AM, geniekids ratadi2@gmail.com wrote:
The body of many many nodes seemed to have been appended with a whole lot of html content by a hacker - via a script The content is appended with the html tag which has lead to this content being there while not visible when the node is displayed. This content is being appended to even new nodes being created! - as if some script is running. How do i stop this? See what is being added to each node in the attached text file Also now when i access the website - i get the following error at the top Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 995 Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 596 Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 597 Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 598 Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 599 ); ?> ); ?> html+foreign+content.txt ________________________________ View this message in context: website or database seemed to be hacked - help!! Sent from the Drupal - Support mailing list archive at Nabble.com.
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Greg Knaddison http://knaddison.com | 303-800-5623 | http://growingventuresolutions.com -- [ Drupal support list | http://lists.drupal.org/ ]
-
geniekids -
Greg Knaddison