[drupal-devel] A1TS hack?
evan.heidtmann at gmail.com
Tue Jul 26 16:29:53 UTC 2005
As others have pointed out, they likely have not applied the security
fixes released almost a month ago.
I'm also wondering: why were these sites running such that the web
server had write access to index.php?
On 7/25/05, Bob Doyle <bobdoyle at skybuilders.com> wrote:
> Hi all,
> Quite a few Drupal sites appear to have been hit by this hack in the last
> few days?
> Linux servicesb.skybuilders.com 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003
> i686 i686 i386 GNU/Linux
> uid=0(root) gid=0(root)
> Nothing Deleted
> They only replace the main index.php file and touch a couple of images
> folders (without altering or adding images).
> Is there a fix to prevent this happening again?
> Bob Doyle
> Editor In Chief, CMS Review - http://www.cmsreview.com
> Technology Adviser, CM Pros - http://www.cmprofessionals.org
> CEO, skyBuilders - http://www.skybuilders.com
> 77 Huron Avenue
> Cambridge, MA 02138
More information about the drupal-devel