How could I've been not hacked?

tompouk - March 24, 2007 - 14:39

Hi there!

I was using Drupal 5 for a week, but now I've been hacked by whoever for whatever reason...

look:

http://biz.greenmoon.ca/

Weird, any others who've been hacked?

thanks

here's my new

tompouk - March 24, 2007 - 14:48

Here's my new index.php:

<html>

<head>
<meta http-equiv="Content-Language" content="tr">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>Single Hacker </title>
</head>


<body bgcolor="#000000">
<p align="center">
<font color="#e80c0c">& Lipsos - Dewil_Welet &<br>
<font color="#e80c0c">This a warning <br>
<p align="center">
<img border="0" src="http://img140.imageshack.us/img140/1703/lipsoslo4.jpg" width="640" height="480"></p>
<p align="center"><br>
<br>
<font color="#e80c0c">
<br>
<br>
<br>
<p align="center">
&nbsp;Turkish Hacker
<p align="center"><br>

<script language=JavaScript>
<!--

//Disable right mouse click Script
//By Lipsos (?) w/

var message="Yasak!";

///////////////////////////////////
function clickIE4(){
if (event.button==2){
alert(message);
return false;
}
}

function clickNS4(e){
if (document.layers||document.getElementById&&!document.all){
if (e.which==2||e.which==3){
alert(message);
return false;
}
}
}

if (document.layers){
document.captureEvents(Event.MOUSEDOWN);
document.onmousedown=clickNS4;
}
else if (document.all&&!document.getElementById){
document.onmousedown=clickIE4;
}

document.oncontextmenu=new Function("alert(message);return false")

// -->
</script>
<object classid="clsid:6BF52A52-394A-11D3-B153-00C04F79FAA6" id="WindowsMediaPlayer1">
  <param name="URL" value="http://lipsos.phpnet.us/Calinti_Hayatlar.mp3">
  <param name="rate" value="1">
  <param name="balance" value="0">
  <param name="currentPosition" value="0">
  <param name="defaultFrame" value>
  <param name="playCount" value="1">
  <param name="autoStart" value="-1">
  <param name="currentMarker" value="0">
  <param name="invokeURLs" value="-1">
  <param name="baseURL" value>
  <param name="volume" value="100">
  <param name="mute" value="0">
  <param name="uiMode" value="invisible">
  <param name="stretchToFit" value="0">
  <param name="windowlessVideo" value="0">
  <param name="enabled" value="-1">
  <param name="enableContextMenu" value="-1">
  <param name="fullScreen" value="0">
  <param name="SAMIStyle" value>
  <param name="SAMILang" value>
  <param name="SAMIFilename" value>
  <param name="captioningID" value>
  <param name="enableErrorDialogs" value="0">
  <param name="_cx" value="6482">
  <param name="_cy" value="6350">
</object>
</font></p>

</body>
</html>

It seems that Drupal has trouble with its index.php, no?

Server, not a Drupal problem

yelvington - March 24, 2007 - 15:19

I don't see how this has anything to do with Drupal. Your server apparently is not secure. If you are on a shared server, report this to your hosting provider.

Check the permissions of the Drupal files AND the directories, including the root htdocs directory. They should not be writable by anyone other than you.

The exception would be the "files" directory, which must be writable by the webserver (often "apache" or "httpd").

Under no circumstances should any PHP files be owned by, or writable by, the webserver.

Change your password, and never use ftp or telnet (sftp, ssh and scp are safe).

File/Directory Permissions??

JamesKB - March 24, 2007 - 19:20

So then are you saying that the files directory and all the files and folders within it should be CHMOD to 777??

How about all other files/directories.... what should they be CHMOD to??

Thanks for your time.
--
James

Permissions

yelvington - March 24, 2007 - 19:52

ls -l should show
-rw-r--r-- for files
drwxr-xr-x for directories

Those are the permission settings in the standard Drupal tarball.

The safest plan would be to have the files directory owned by the webserver; if that is not possible, its permission setting would be world-writable (octal 777). Since the application creates all the files in that directory tree, their ownerships and permissions should be correct.
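
The permission rules in the two replies above can be checked mechanically. This is an added example, not part of the original thread; the function name, the `apache` default and the `files` directory sitting directly under the Drupal root are assumptions to adjust for your host.

```shell
#!/bin/sh
# Audit a Drupal tree against the advice in this thread:
#   - nothing outside files/ may be writable by group or others
#   - no PHP file anywhere may be owned by the webserver account
# Usage: audit_drupal_perms DRUPAL_ROOT [WEBSERVER_USER]
# WEBSERVER_USER may be a login name or a numeric uid (default: apache, assumed).
audit_drupal_perms() {
    root=${1%/}                  # strip a trailing slash so -path matches
    webuser=${2:-apache}
    files_dir="$root/files"      # upload directory, assumed location

    findings=$(
        # Rule 1: group- or world-writable files and directories,
        # skipping files/, which the webserver must be able to write to.
        find "$root" -path "$files_dir" -prune -o \
            \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE /'

        # Rule 2: PHP files owned by the webserver account, files/ included.
        # If the account does not exist, find reports that on stderr.
        find "$root" -type f -name '*.php' -user "$webuser" -print |
            sed 's/^/WEBOWNED /'
    )

    # Exit status 0 means the tree matches the advice; 1 means findings.
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Each output line names one path that breaks a rule, so the function can run from cron and alert on a non-zero exit status.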

Well since that is not Drupal's index.php

nevets - March 24, 2007 - 15:05

Well, since that is not Drupal's index.php, the hacker found a way to overwrite Drupal's with their own. Look at the file to see when it was last updated and then look at your server logs for clues as to what happened.

 
 
