By parka on
Some trojan like code has been appended to javascript files on my site.
I've removed everything from the server and uploaded a clean Drupal 6.22 & modules few hours ago.
Few hours later, now, I find that the malicious code have appeared again.
So what are my next steps?
Comments
i doubt its the drupal code
i doubt its the drupal code itself
have you checked your permissions to make sure that nothing is too open, also check that any contrib modules are fully up to date as well
How do I know which
How do I know which files/directory are the important ones to check?
I only run the cron and the reports shows nothing suspicious.
I've updated all the modules.
Drupal 6.22 - SQL Injection hacks
Hi parka,
Can you actually see code added to your .js files?
I am suddenly seeing a bunch of content updates to my pages (of various content types) and am suspecting SQL injection. I'm also running Drupal 6.22. Yesterday I updated all of contributed modules to their latest versions and cleaned up the content but now I just looked and the content updates are there again. It's a bunch of links to 'adult oriented' sites that are either appended to the end of the body field of my content, or even stuck in the middle of paragraphs of text in my body field.
I can see in my Recent log entries "page: updated About Us" by user "Anonymous". But when I look at my permissions settings, Anonymous does NOT have access to create/edit/delete ANY content types at all.
I've been looking through the forums trying to figure out what the next steps are but I'm just not sure how to find the security hole that's allowing this SQL injection. I found a few tools online that let you scan your site for vulnerabilities but I'm not sure how well they work with Drupal sites. Does anyone have recommendations?
Thanks in advance for any suggestions anyone has!
Drupal 6.22 - SQL Injection hacks
Also, this is getting appeneded to a lot of my pages. Can anyone confirm that this is indeed SQL Injection?
"E-Zigarette rauchen kann nicht geruchsbelästigend sein. E Zigarette Shop sollst du im Shop bei uns erwerben. "
In my case, the code are
In my case, the code are appended at the bottom of the javascript files.
They are something like
var something="\many\var\and\short\some\things\"
Which specific javascript
Which specific javascript files?
Some javascript files in the
Some javascript files in the "misc" folder and in the contributed modules folders.
Seems quite random to me.