Site Hacked

Vikas Sharma

Hi,

My 2 sites are hacked, both in almost the same way. My .htaccess is rewritten, and some fishy code is written in cron.php, install.php, update.php, authorize.php. Also a file wp-config.php.

All JS files in the all/modules were also written with document.write(<iframe src=....)

Does anyone have any clue?

Thanks

Comments

hope you have a backup

ezra

Hi,

It's hard to say what the cause was based on your description. If they are old sites that haven't been updated for a while, chances are an automated bot took advantage of a Drupal vulnerability. That would explain the wp-config.php file, which is a WordPress file and probably would not have been placed there by a sentient hacker.

In any case, you should take the site down, load a backup on a development server if you have one, and install all of the updates. Afterwards, go to the status page (under the reports menu) to be sure that everything is set up properly. Finally, make sure your file permissions are correct and that only the files directory is writable by the web server.

Hope this helps -- there's no quick answer to recovering from a site hack. Just be sure not to use any code on that server -- it should all be considered tainted at this point.
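
The checks discussed in this thread, gathered into a read-only triage script as an added example that is not part of either post. The function names, the two-argument invocation and the clean copy of the same Drupal release are assumptions; group- or world-writable mode stands in for "writable by the web server" because the server account name varies per host.

```shell
#!/bin/sh
# Added example: read-only triage of a Drupal docroot after a compromise.
# Assumed invocation: sh triage.sh /path/to/docroot /path/to/clean-copy
# Pass paths without a trailing slash. The clean copy is an unpacked
# tarball of the same Drupal release (assumption).

# JS files carrying an injected document.write(<iframe ...) call.
find_injected_js() {
    find "$1" -type f -name '*.js' \
        -exec grep -liE 'document\.write\(.*<iframe' {} \;
}

# WordPress config dropped into a Drupal tree, as described in the post.
find_foreign_files() {
    find "$1" -type f -name 'wp-config.php'
}

# Entry points named in the post that are missing or differ from the clean copy.
find_modified_core() {
    for f in .htaccess cron.php install.php update.php authorize.php; do
        cmp -s "$1/$f" "$2/$f" || echo "$f"
    done
}

# Group- or world-writable entries outside sites/*/files (symlinks skipped).
find_writable_outside_files() {
    find "$1" -path "$1/sites/*/files" -prune -o \
        \( -perm -020 -o -perm -002 \) ! -type l -print
}

# Report only; nothing is modified or deleted.
if [ "$#" -eq 2 ]; then
    echo "== JS with injected iframe ==";      find_injected_js "$1"
    echo "== foreign files ==";                find_foreign_files "$1"
    echo "== core files differing/missing =="; find_modified_core "$1" "$2"
    echo "== writable outside files dir ==";   find_writable_outside_files "$1"
fi
```

Run it against an offline copy of the compromised tree; the output is evidence for working out what was touched, not a list of files to repair in place.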