hacked

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
brad.curnow's picture

Email spam generators (PHP) found amongst module files.

Posted by brad.curnow on October 27, 2014 at 1:56am

Hi All,

I recently received an email from my host (Arvixe) stating that they had disabled a script on one of my D7 sandbox sites due to large quantities of spam email emanating from there.

Upon investigation I found an encrypted PHP file called "sql91.php" in my modules/field/modules/options folder. I later discovered a second bogus file called "sraynr.php" in a different folder. Both of these files have been called from Russian IP addresses:

146.185.239.52
146.185.239.51

Read more
22 comments3 attachments Categories: , , , , ,
Subscribe with RSS Syndicate content