[development] Fully patched site hacked and cloaked
Nilesh Govindarajan
lists at itech7.com
Wed Jan 27 14:27:40 UTC 2010
On 01/27/2010 05:44 PM, Adam Gregory wrote:
> This is more a server security issue rather than a Drupal one. I've seen
> this happen with Drupal, Joomla, Wordpress and custom PHP code. It
> really most likely means that access to the server/host was compromised
> at some point.
>
> There are lost of things that can be done to prevent this like
> chmod/own-ing your file system correctly(As Gerhard touched on). This is
> also a good reason to use SFTP rather then FTP as passwords in SFTP are
> sent encrypted and FTP are not leaving them open to a *man-in-the-middle
> attack.*
>
> Ultimately though it's a good example of how Drupal can only go so far
> in keeping itself secure but there are still plenty of other ways out
> side Drupals area of responsibility that your site can be compromised.
> -----
> Adam A. Gregory
> Drupal Developer & Consultant
> Web: AdamAGregory.com
> Twitter: twitter.com/adamgregory <http://twitter.com/adamgregory>
> Phone: 910.808.1717
> Cell: 706.761.7375
>
>
> On Wed, Jan 27, 2010 at 6:53 AM, Fred Jones <fredthejonester at gmail.com
> <mailto:fredthejonester at gmail.com>> wrote:
>
> > I also wonder whether Drupal could be adjusted so as to
> automatically set
> > file bootstrap.inc, and perhaps other critical ones, as
> read-only. So far it
> > is done only with settings.php file.
>
> Well if they did it via FTP, that wouldn't help...
>
> F
>
>
Yeah, this is more of a server security related thing. The server must
have been open at some port probably FTP with insecure settings.
--
Nilesh Govindarajan
Site & Server Adminstrator
www.itech7.com
More information about the development
mailing list