By blogjam on

Apologies if this has been covered elsewhere, but my index page appears to have been hacked twice this week. First up I get the following error message: "Parse error: syntax error, unexpected '<' in /home/.path/to/domain.com/index.php on line 38", and when I check the index page I discover text that's been added beneath the closing drupal_page_footer(); string.

The first time was just some commented-out text, while the second time I discovered an enormous block of spam advertising. Removing the text restores my normal index page.

Any suggestions as to how to protect the page? It's chmodded to 644.

Thanks in advance.

Categories: Drupal 5.x

Comments

pobster’s picture

pobster commented

Rather than that you've been hacked, it's more likely that your hosting has been hacked. Ask your hoster to check their logs for their ftp program, someone seems to have slipped through... You never know they may have anonymous access set or something stupid, these things happen.

Perhaps this will clarify; http://www.webmasterworld.com/webmaster/3053187.htm

Pobster

blogjam’s picture

blogjam commented

I'll check with Dreamhost and report back.

blogjam’s picture

blogjam commented

Dreamhost, God bless 'em, aren't too helpful: they suggest updating Drupal (it is the most recent version), updating my modules (I only use two, and they're both current) and changing my FTP password (which is sound advice, but I suspect isn't the issue...)

newms’s picture

newms commented

I'm subscribing to this thread.

newms

shishira’s picture

shishira commented

would also suggest you have a look at all the index.html/php on the server. Its hapned to me before a hacker got access to the entire server and just rewrote all the index s to point to his site through which he was installing malware host had said that no other data like DB was breached though.