Hello, I'm having a problem I can't seem to find anyone else on the Internet having with my Drupal installation.
My site had been attacked by a Javascript injection attack months ago, and after I cleaned out the code and reset passwords I noticed a part of the site was broken.
Normally users would login at http://www.example.com/user/ but now when anyone goes to that page, it downloads a file called "user" that is complete jibberish. Additionally, when logged in (via the url ~/drupal/?q=user), when attempting to go to the user page (~/user/20 for example) it simply redirects the user to the main homepage. Thus I cannot change user passwords through the Drupal administration.
I upgraded my site since then from 6.16 to 6.28, updated all modules to currently supported versions, and tried out multiple themes to no avail. Anyone have an idea what could be causing this?
Would love any assistance!
Comments
When you sayit downloads a
When you say
it sounds as though you still have some hacked code, or possibly hacks in the database. Not that you have a file 'user' but this path is clearly redirecting for some reason. I would certainly double check code but also go looking for hacks in the database.
Digit Professionals