[support] Hacked Drupal Site

David david at hartster.org
Thu Apr 15 16:58:37 UTC 2010


(Not sure if there's a better place to ask this)

My Drupal site was hacked recently. index.php was modified at the top
to include another file which was a static page with a lot of nonsense
about Cialis but also had a nasty <?php
eval(gzinflate(base64_decode([string])) ?> at the bottom.

I don't know whether it was a Drupal issue: I was running 6.14 and had
a couple of modules that were one step behind on upgrading, but
nothing that seemed too dangerous. All visitors to my site are
anonymous and can't upload any files etc.

My site is hosted on Rackspace Cloud Sites and I use SFTP. I'm not
aware of anything dodgy on my local system (Kaspersky doesn't report
anything).

I've edited index.php and deleted a few files I have found on the site.

I've changed my FTP password.

Is there anything I can do on a production site to make sure this
doesn't happen again? Without knowing where the attack came from I'm a
bit concerned. Would copying index.php to (say) front.php, get
htaccess to use that as the default page, and create a dummy index.php
fool an automated attack? Probably not.

Alternatively, does anyone know of a good monitoring service that
would text me if a page on a site changes, so at least I know
straightaway if this happens again, rather than it being up over a
weekend.
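
The post asks how to find out quickly that files on the site have changed. As an added example (not part of the original message), here is a minimal file-integrity check that compares a web root against a known-good hash baseline and flags the `eval(gzinflate(base64_decode(` chain quoted above. The function names, the sample tree and the file name `promo.php` are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Obfuscated-eval chain of the kind quoted in the post (whitespace tolerant).
EVAL_CHAIN = re.compile(rb"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(", re.I)

def snapshot(root):
    """Map relative path -> SHA-256 digest for every file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit(root, baseline):
    """Diff root against a known-good baseline and flag the eval chain."""
    current = snapshot(root)
    report = {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
        "eval_chain": [],
    }
    for rel in sorted(current):
        with open(os.path.join(root, rel), "rb") as fh:
            if EVAL_CHAIN.search(fh.read()):
                report["eval_chain"].append(rel)
    return report

def demo():
    """Constructed sample tree: clean baseline, then a simulated tamper."""
    with tempfile.TemporaryDirectory() as root:
        index = os.path.join(root, "index.php")
        with open(index, "wb") as fh:
            fh.write(b"<?php\nrequire_once './includes/bootstrap.inc';\n")
        baseline = snapshot(root)
        # Simulated tamper: an include prepended to index.php plus a dropped file.
        with open(index, "wb") as fh:
            fh.write(b"<?php include 'promo.php'; ?>\n<?php\nrequire_once './includes/bootstrap.inc';\n")
        with open(os.path.join(root, "promo.php"), "wb") as fh:
            fh.write(b"<p>spam</p><?php eval(gzinflate(base64_decode('PLACEHOLDER'))); ?>")
        return audit(root, baseline)

if __name__ == "__main__":
    print(demo())
```

For this to be useful the baseline has to be taken from a clean copy of the site and stored off the web server, with the audit run on a schedule and an alert sent whenever any list in the report is non-empty.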

