[development] Fully patched site hacked and cloaked

Adam Gregory arcaneadam at gmail.com
Wed Jan 27 12:14:17 UTC 2010

This is more a server security issue rather than a Drupal one. I've seen
this happen with Drupal, Joomla, Wordpress and custom PHP code. It really
most likely means that access to the server/host was compromised at some

There are lost of things that can be done to prevent this like chmod/own-ing
your file system correctly(As Gerhard touched on). This is also a good
reason to use SFTP rather then FTP as passwords in SFTP are sent encrypted
and FTP are not leaving them open to a *man-in-the-middle attack.*

Ultimately though it's a good example of how Drupal can only go so far in
keeping itself secure but there are still plenty of other ways out side
Drupals area of responsibility that your site can be compromised.
Adam A. Gregory
Drupal Developer & Consultant
Web: AdamAGregory.com
Twitter: twitter.com/adamgregory
Phone: 910.808.1717
Cell: 706.761.7375

On Wed, Jan 27, 2010 at 6:53 AM, Fred Jones <fredthejonester at gmail.com>wrote:

> > I also wonder whether Drupal could be adjusted so as to automatically set
> > file bootstrap.inc, and perhaps other critical ones, as read-only. So far
> it
> > is done only with settings.php file.
> Well if they did it via FTP, that wouldn't help...
> F
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20100127/e9fe2d58/attachment.html 

More information about the development mailing list