[development] Fully patched site hacked and cloaked

Khalid Baheyeldin kb at 2bits.com
Wed Jan 27 14:43:01 UTC 2010


Yes, but you don't

On Wed, Jan 27, 2010 at 9:35 AM, Nilesh Govindarajan <lists at itech7.com> wrote:

> On 01/27/2010 08:01 PM, Gerhard Killesreiter wrote:
>
>> Adam Gregory wrote:
>>
>>> This is more a server security issue rather than a Drupal one. I've seen
>>> this happen with Drupal, Joomla, Wordpress and custom PHP code. It
>>> really most likely means that access to the server/host was compromised
>>> at some point.
>>>
>>> There are lots of things that can be done to prevent this like
>>> chmod/own-ing your file system correctly (as Gerhard touched on). This is
>>> also a good reason to use SFTP rather than FTP, as passwords in SFTP are
>>> sent encrypted and FTP are not, leaving them open to a *man-in-the-middle
>>> attack.*
>>>
>>
>> People still using FTP in 2010 should be shot on sight.
>>
>> Cheers,
>>        Gerhard
>>
>
> *ahem*
>
> Public mirrors do use them?
>
> FTP is good if you can configure it properly. It can be a big bug in the
> security as happened in this case if not configured properly :)


Yes, but public mirrors do not require passwords. What Gerhard is talking
about is uploading stuff to your site via an FTP account with a user name
and password.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci