[development] Fully patched site hacked and cloaked

Ken Rickard agentrickard at gmail.com
Wed Jan 27 14:22:12 UTC 2010


I had something similar happen on WordPress. It was a simple FTP
(non-secure) password sniffer watching network traffic to the host.
My site would get hacked within twenty minutes of making a change via
FTP.

I finally forced the hosting provider to support SFTP for my account.

On Wed, Jan 27, 2010 at 7:14 AM, Adam Gregory <arcaneadam at gmail.com> wrote:
> This is more a server security issue rather than a Drupal one. I've seen
> this happen with Drupal, Joomla, Wordpress and custom PHP code. It really
> most likely means that access to the server/host was compromised at some
> point.
>
> There are lots of things that can be done to prevent this like chmod/own-ing
> your file system correctly (as Gerhard touched on). This is also a good
> reason to use SFTP rather than FTP as passwords in SFTP are sent encrypted
> and FTP's are not, leaving them open to a man-in-the-middle attack.
>
> Ultimately though it's a good example of how Drupal can only go so far in
> keeping itself secure but there are still plenty of other ways outside
> Drupal's area of responsibility that your site can be compromised.
> -----
> Adam A. Gregory
> Drupal Developer & Consultant
> Web: AdamAGregory.com
> Twitter: twitter.com/adamgregory
> Phone: 910.808.1717
> Cell: 706.761.7375
>
>
> On Wed, Jan 27, 2010 at 6:53 AM, Fred Jones <fredthejonester at gmail.com>
> wrote:
>>
>> > I also wonder whether Drupal could be adjusted so as to automatically set
>> > file bootstrap.inc, and perhaps other critical ones, as read-only. So far it
>> > is done only with settings.php file.
>>
>> Well if they did it via FTP, that wouldn't help...
>>
>> F
>
>



-- 
Ken Rickard
agentrickard at gmail.com
http://ken.therickards.com

