[drupal-devel] A1TS hack?
Evan Heidtmann
evan.heidtmann at gmail.com
Tue Jul 26 16:29:53 UTC 2005
As others have pointed out, they likely have not applied the security
fixes released almost a month ago.
I'm also wondering: why were these sites running such that the web
server had write access to index.php?
On 7/25/05, Bob Doyle <bobdoyle at skybuilders.com> wrote:
> Hi all,
>
> Quite a few Drupal sites appear to have been hit by this hack in the last
> few days?
>
>
>
>
>
> Linux servicesb.skybuilders.com 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003
> i686 i686 i386 GNU/Linux
> uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),503(skyapp)
>
>
> Nothing Deleted
>
> They only replace the main index.php file and touch a couple of images
> folders (without altering or adding images).
>
> Is there a fix to prevent this happening again?
>
> --
> Bob Doyle
> Editor In Chief, CMS Review - http://www.cmsreview.com
> Technology Adviser, CM Pros - http://www.cmprofessionals.org
> CEO, skyBuilders - http://www.skybuilders.com
> 77 Huron Avenue
> Cambridge, MA 02138
> 617-876-5678
>
More information about the drupal-devel
mailing list