[development] Fully patched site hacked and cloaked

Nilesh Govindarajan lists at itech7.com
Wed Jan 27 14:35:48 UTC 2010

On 01/27/2010 08:01 PM, Gerhard Killesreiter wrote:
> Hash: SHA1
> Adam Gregory schrieb:
>> This is more a server security issue rather than a Drupal one. I've seen
>> this happen with Drupal, Joomla, Wordpress and custom PHP code. It
>> really most likely means that access to the server/host was compromised
>> at some point.
>> There are lost of things that can be done to prevent this like
>> chmod/own-ing your file system correctly(As Gerhard touched on). This is
>> also a good reason to use SFTP rather then FTP as passwords in SFTP are
>> sent encrypted and FTP are not leaving them open to a *man-in-the-middle
>> attack.*
> People still using FTP in 2010 should be shot on sight.
> Cheers,
> 	Gerhard
> Version: GnuPG v1.4.9 (GNU/Linux)
> T84An0Indo7tLq2M5RsoY7JlwsM0yhkw
> =cMDj


Public mirrors do use them ?

FTP is good if you can configure it properly. It can be a big bug in the 
security as happened in this case if not configured properly :)

Nilesh Govindarajan
Site & Server Adminstrator

More information about the development mailing list