[support] Hacked Drupal Site
Fred Jones
fredthejonester at gmail.com
Thu Apr 15 17:26:16 UTC 2010
> I don't know whether it was a Drupal issue: I was running 6.14 and had
> a couple of modules that were one step behind on upgrading, but
> nothing that seemed too dangerous. All vistiors to my site are
> anonymous and can't upload any files etc.
Most probably your FTP account credentials were compromised. That's
what I would guess. Or the server itself.
> Is there anything I can do on a production site to make sure this
> doesn't happen again? Without knowing where the attack came from I'm a
> bit concerned. Would copying index.php to (say) front.php, get
> htaccess to use that as the default page, and create a dummy index.php
> fool an automated attack? Probably not.
Probably would actually. I'm not much of a hacker but I doubt they are
that sophisticated.
> Alternatively, does anyone know of a good monitoring service that
> would text me if a page on a site changes, so at least I know
> straightaway if this happens again, rather than it being up over a
> weekend.
http://acquia.com/
http://drupal.org/project/nagios
HTH
More information about the support
mailing list