[development] Fully patched site hacked and cloaked

Nicolas Tostin nicolast at logis.com.mx
Wed Jan 27 16:09:39 UTC 2010


Is it a good security tip to monitor the integrity of Drupal sources by
using MD5 hashes on the files?
Is there a known/efficient way to achieve this?


----- Original Message ----- 
From: "Laura" <pinglaura at gmail.com>
To: <development at drupal.org>
Sent: Wednesday, January 27, 2010 9:53 AM
Subject: Re: [development] Fully patched site hacked and cloaked


On Jan 27, 2010, at Wed 1/27/10 4:45am, Gerhard Killesreiter wrote:

> Were you able to determine the attack vector that was used to be able
> to modify bootstrap.inc?

I just saw this performed on a D5 site. Bootstrap.inc was indeed altered, an
additional system.php file was inserted in the modules folder, and the
pernicious (drug) website files were inserted into the cgi folder *above*
the webroot. The code was sniffing passwords. Several files contained
nothing but hashes.

I mention this because if we see a pattern across many sites, this entire
conversation should move to security reports offline.

Laura


