[development] Fully patched site hacked and cloaked

Nilesh Govindarajan lists at itech7.com
Wed Jan 27 14:27:40 UTC 2010

On 01/27/2010 05:44 PM, Adam Gregory wrote:
> This is more a server security issue rather than a Drupal one. I've seen
> this happen with Drupal, Joomla, Wordpress and custom PHP code. It
> really most likely means that access to the server/host was compromised
> at some point.
> There are lost of things that can be done to prevent this like
> chmod/own-ing your file system correctly(As Gerhard touched on). This is
> also a good reason to use SFTP rather then FTP as passwords in SFTP are
> sent encrypted and FTP are not leaving them open to a *man-in-the-middle
> attack.*
> Ultimately though it's a good example of how Drupal can only go so far
> in keeping itself secure but there are still plenty of other ways out
> side Drupals area of responsibility that your site can be compromised.
> -----
> Adam A. Gregory
> Drupal Developer & Consultant
> Web: AdamAGregory.com
> Twitter: twitter.com/adamgregory <http://twitter.com/adamgregory>
> Phone: 910.808.1717
> Cell: 706.761.7375
> On Wed, Jan 27, 2010 at 6:53 AM, Fred Jones <fredthejonester at gmail.com
> <mailto:fredthejonester at gmail.com>> wrote:
>      > I also wonder whether Drupal could be adjusted so as to
>     automatically set
>      > file bootstrap.inc, and perhaps other critical ones, as
>     read-only. So far it
>      > is done only with settings.php file.
>     Well if they did it via FTP, that wouldn't help...
>     F

Yeah, this is more of a server security related thing. The server must 
have been open at some port probably FTP with insecure settings.

Nilesh Govindarajan
Site & Server Adminstrator

More information about the development mailing list