Posted by kbahey on October 31, 2014 at 2:13pm
As a followup to the Drupal SQL injection described here
https://www.drupal.org/SA-CORE-2014-005
If you are running Drupal 6, then you are not vulnerable, unless you have the dbtng module installed. You could stop reading now.
If you patched or upgraded the Drupal 7 site an hour or two after the security advisory came out, you are probably safe.
However, if you patched after that, you could have been compromised in the time window between the fix being available and you applying it.
Please read the following document
https://www.drupal.org/PSA-2014-003
This tool should help you investigate whether you site has been
compromised or not