Site hacked... details

Roar - March 3, 2007 - 19:58

Hi there, my Drupal site was hacked - I just wanted to post the details in case this security issue becomes a problem for other users. This morning checking the site, I got a syntax error on the index page, so after downloading index.php this is what it looks like:

( as you can see there is a ton of Cialis & Viagra spam )

<?php
// $Id: index.php,v 1.91 2006/12/12 09:32:18 unconed Exp $

/**
* @file
* The PHP page that serves all page requests on a Drupal installation.
*
* The routines here dispatch control to the appropriate handler, which then
* prints the appropriate page.
*/

require_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

$return = menu_execute_active_handler();

// Menu status constants are integers; page content is a string.
if (is_int($return)) {
  switch ($return) {
    case MENU_NOT_FOUND:
      drupal_not_found();
      break;
    case MENU_ACCESS_DENIED:
      drupal_access_denied();
      break;
    case MENU_SITE_OFFLINE:
      drupal_site_offline();
      break;
  }
}
elseif (isset($return)) {
  // Print any value (including an empty string) except NULL or undefined:
  print theme('page', $return);

}

drupal_page_footer();

Not sure how the site was hacked. It is only averaging 80 unique visitors a day & I've never had any problems like this before on other sites I've built.

Recently an article was submitted to shoutwire.com so I assume the site being exposed on Shoutwire must have something to do with it.

Also, since I have no recent backups, how can I restore the index.php file - is it okay to use the one from the installation package ?

chmod u-w index.php

apg - March 3, 2007 - 22:41

ouch!

I checked the perms on my index.php:
# ls -al index.php
-rw-r--r-- 1 apache apache 872 Feb 4 13:22 index.php

and as you can see the user apache had (past tense) write permissions!

a quick chmod fixed that:
chmod u-w index.php

the following also had write perms:
update.php
xmlrpc.php
install.php
cron.php
robots.txt

all of which are probably a no no.

to view all of the files on your site that have write perms:
find -L . -perm /u=w,g=w,o=w -type f ! -iwholename './files/*' -prune -print0 | xargs -0 echo

this prints out all files (not directories) that have write perms (excluding the files directory)
I believe apache will still need to have write perms for the files in files

to ensure your site is secure, in that no one (but root) can write:
find -L . -perm /u=w,g=w,o=w -type f ! -iwholename './files/*' -prune -print0 | xargs -0 chmod ugo-w

I just ran it on one of my sites and it didn't seem to break anything...?

-al

yes you can use one from a

VeryMisunderstood - March 3, 2007 - 21:46

yes you can use one from a new installation, in future make sure chmod permissions are set to 644 so that the file can't be written to.

What version of Drupal are you running ?

I'd double check my FTP program to ensure it's up to date, in the case that your FTP program is somehow uploading all files to 777.

I'd also check my apache logs to try and narrow down when this happened.

Why ....

yelvington - March 3, 2007 - 23:25

It appears that your webserver was hacked. It's not a Drupal security problem, but rather a poorly configured server.

Why are your Drupal files owned by Apache? They should be owned by your user account, not by the webserver. The only files that should be writeable by the webserver are those in the files directory, which represent user uploads.

which user account?

apg - March 3, 2007 - 23:49

which user account? By chowning the site to apache:apache, it all just worked. :)

I am not using suexec or cgiwrap, so, I thought, apache is the user? Or is
there some drupal magic goin' on? My site(s), by the way, have not been
hacked, yet...

-al

User permissions

styro - March 4, 2007 - 04:33

which user account? By chowning the site to apache:apache, it all just worked. :)

It should - it is a bit like chmodding everything 777 in terms of removing all your security.

I am not using suexec or cgiwrap, so, I thought, apache is the user? Or is
there some drupal magic goin' on? My site(s), by the way, have not been
hacked, yet...

No, you only want Apache to be able to read your files. If Apache can write to your files, then anyone with an account on the server can tell Apache to write whatever they want over your files - that includes anyone that 'owns' another site on that server too. Not only are you trusting all the other webmasters to not touch your stuff, you're trusting that they all have completely secure sites too.

Generally your FTP account should be the owner of everything and only that account should have any write permissions - except for directories that the web server needs to write to (eg files).

--
Anton

ah, yes, but of course...

apg - March 5, 2007 - 19:46

ah, yes, but of course...

This is how I like to learn, from the mistakes of others...

I am chief cook and bottle washer, sysadmin, webmaster, designer, etc, etc, and the sole
admin, user, etc of my sites... and was getting more than a little sloppy about perms.

Thanks for the "heads up"; my perms are now correct. :)

-al
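
An audit along the lines the replies above describe, as an added example that is not part of the thread: it lists everything outside files/ that the web server account owns or that group/other can write to, and compares the live tree with an unpacked copy of the same release to show which shipped files were changed. The function names, the web-user argument and the directory paths are assumptions; GNU find is assumed, as in the commands posted above.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes GNU find.
# "files" is treated as the only subtree the web server may write to,
# as the replies in the thread describe.

# audit_docroot ROOT WEBUSER
# Prints one "<reason> <path>" line per finding outside ROOT/files:
#   OWNED_BY_WEBUSER  file or directory is owned by the web server account
#   GROUP_OR_WORLD_W  file or directory is writable by group or other
# WEBUSER may be a user name or a numeric uid.
audit_docroot() (
  root=$1 webuser=$2
  cd "$root" || exit 2
  # "-path ./files -prune -o ..." skips the upload directory entirely;
  # the tests after -o apply to everything else, including "." itself.
  find . -path ./files -prune -o \( -type f -o -type d \) -user "$webuser" \
    -exec printf 'OWNED_BY_WEBUSER %s\n' {} \;
  find . -path ./files -prune -o \( -type f -o -type d \) -perm /022 \
    -exec printf 'GROUP_OR_WORLD_W %s\n' {} \;
)

# modified_core_files ROOT PRISTINE
# PRISTINE is an unpacked copy of the same release the site runs.
# Prints "MODIFIED <path>" for shipped files whose live copy differs and
# "MISSING <path>" for shipped files absent from the live tree. Files you
# edited on purpose (site configuration) are listed as well.
modified_core_files() (
  root=$(cd "$1" && pwd) || exit 2
  cd "$2" || exit 2
  find . -type f | while IFS= read -r f; do
    if [ ! -f "$root/$f" ]; then
      printf 'MISSING %s\n' "$f"
    elif ! cmp -s "$f" "$root/$f"; then
      printf 'MODIFIED %s\n' "$f"
    fi
  done
)

# Usage (paths are placeholders):
#   sh audit.sh /path/to/docroot apache /path/to/unpacked-release
if [ "$#" -ge 2 ]; then
  audit_docroot "$1" "$2"
  if [ -n "${3:-}" ]; then
    modified_core_files "$1" "$3"
  fi
fi
```

An empty result from audit_docroot means only the owning account can write outside files/; any MODIFIED line that you did not edit yourself is a file to replace from the release copy.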

 
 
