How to Check Database for Code / Script Injections

RKopacz's picture

I have a question, not sure where to post it. I suffered a hack to a Drupal site. I suspect that the hacker got in through the host's admin panel and thereby got access to the root via FTP, the database, everything. I want to be sure that no malicious script or code was injected into the database. Is there a protocol for checking this, specific to the Drupal DB?

If there is a better place to post this, please advise & thanks in advance.

Comments

security review module

greggles's picture

The security review module attempts to identify injections in comments and node bodies: http://drupal.org/project/security_review

It can return false positives, but false positives are somewhat better than false negatives in this realm ;)

Good luck - please let us know how it goes!
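As an added illustration of the kind of check described in the reply above (this is not code from the thread and not the Security Review module's implementation), the Python below scans every text column of every table for markup that rarely belongs in stored content, which goes beyond comments and node bodies. Assumptions: an in-memory SQLite database stands in for the site's database, the table and column names mimic Drupal 7's `field_data_body`, `field_data_comment_body` and `block_custom`, the rows are constructed sample data, and the pattern list is illustrative and will produce false positives.

```python
import re
import sqlite3

# Markers that rarely belong in stored content; expect false positives
# (e.g. a tutorial node that legitimately shows a <script> tag).
SUSPICIOUS = {
    "script tag": re.compile(r"<\s*script\b", re.I),
    "iframe tag": re.compile(r"<\s*iframe\b", re.I),
    "inline event handler": re.compile(r"<[^>]+\son\w+\s*=", re.I),
    "javascript: URL": re.compile(r"javascript\s*:", re.I),
    "meta refresh": re.compile(r"<\s*meta[^>]+http-equiv\s*=\s*['\"]?refresh", re.I),
    "PHP eval/decode": re.compile(r"\b(eval|base64_decode|gzinflate)\s*\(", re.I),
}

def scan_database(conn):
    """Return sorted (table, column, rowid, label) hits for every text value."""
    hits = []
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            for rowid, value in conn.execute(f'SELECT rowid, "{col}" FROM "{table}"'):
                if isinstance(value, str):  # skip integers, NULLs and blobs
                    hits += [(table, col, rowid, label)
                             for label, rx in SUSPICIOUS.items() if rx.search(value)]
    return sorted(hits)

def build_sample_db():
    """Constructed sample data, shaped like Drupal 7 body/comment/block tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE field_data_body (entity_id INTEGER, body_value TEXT);
        CREATE TABLE field_data_comment_body (entity_id INTEGER, comment_body_value TEXT);
        CREATE TABLE block_custom (bid INTEGER, body TEXT);
    """)
    conn.executemany("INSERT INTO field_data_body VALUES (?, ?)", [
        (1, "<p>Welcome to the site.</p>"),
        (2, '<p>News</p><script src="http://placeholder.invalid/x.js"></script>'),
    ])
    conn.execute("INSERT INTO field_data_comment_body VALUES (?, ?)",
                 (7, '<a href="javascript:void(0)" onclick="go()">win</a>'))
    conn.execute("INSERT INTO block_custom VALUES (?, ?)",
                 (3, "<?php eval(base64_decode($x)); ?>"))
    return conn

if __name__ == "__main__":
    for hit in scan_database(build_sample_db()):
        print(hit)
```

Each hit is a row to review by hand, not a verdict; run a scan like this against a restored copy of the database rather than the live site.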

Quite Honored

RKopacz's picture

Hm, well I am quite honored to get a response from the author of "Cracking Drupal" which I just purchased on Kindle a few days ago to educate myself on this subject! :)!

I will definitely do that. Thanks very much for the prompt response.

Regards,

Robert Kopacz

MySQL size increasing automatically after updating D7.4 to D7.7

pvm610's picture

Below is a reply from the host provider. Please advise how to solve the problem of the MySQL size increasing.

Looks like you are using Drupal for your website and it seems like the database is being injected with data. Are you using the latest Drupal with the latest plugins? You need to check the issue with the Drupal community if there is a possible injection in the DB.

Support Team
Knowledge Base: http://blog.speedhost.in
Website: http://www.speedhost.in

My site : http://vision4life.in

Hi! Critical and Urgent issue

updeshhw's picture

Hi!

I don't know where to post my query. I am new to Drupal and have created a website. It was running well for the past few months, but now it is having issues. I think it got hacked, and I don't know how to recover my site. I have also removed all the site DB and files and uploaded them again, but the problem is the same. Kindly help, masters of Drupal.

Here is the link to my site: www.fusehair.co.in

Help me......

The error messages I see are

greggles's picture

The error messages I see are about database tables missing. It seems your settings.php is pointing to the wrong database, wrong prefix, or you didn't install the tables into the right database. This is probably more appropriate to discuss in the support forum.

Hi! Critical and Urgent issue

updeshhw's picture

Thanks a ton for your reply. I have just uploaded the database and the homepage is showing properly, but as soon as I click any link it refers to some other site, and I really don't know what is going on. I have tried a lot but have not found any solution. Kindly guide me on what to do and how to do it. I would be really grateful to you.

Thanks

Check any global redirect? or

pvm610's picture

Check any global redirect? or hacked?

I couldn't find any solution

updeshhw's picture

I couldn't find any solution. Kindly tell me what to do. I checked http://sucuri.net/global and it is showing some redirect, as you said, but how can we remove the injected code where the site is redirecting? Kindly help and tell me what would be the best way to remove the injected code. Please!

I think @pvm610 was referring

chales's picture

I think @pvm610 was referring to using the "hacked" module, which will check your core and contrib files to help trace any code modifications. http://drupal.org/project/hacked

Not having specifics, one thing I would look at is whether you have unexpected content being created. If so, check your user settings and node creation permissions. Another is to check for anonymous comments that may be added to nodes unexpectedly as well.

Make certain that you are running the latest version of Drupal core and that all of your modules are up to date. As Drupal sites increase, so does the number of attacks that try to exploit known vulnerabilities in older sites.


Chris Hales - mediacurrent.com

no follow button :( hence

nithinkolekar's picture

no follow button :(
hence following ;).
