my drupal has been hacked

So yeah upgrade your version.

Here is the security patch to Drupal
http://drupal.org/

But...Are you sure it was Drupal and not something on your computer already. Remember malicious software already in your computer will follow you around in your browser. When you get a site that requires account information, it will usually activate. Are you sure that this is not what you are experiencing when you surf to your Drupal site that needs a login?

Please make sure you upgrade your Drupal scripts when there is a new one. I have the same experience before but never meet it once I upgrade the code timely.

Best Drupal Hosting | Affordable Web Hosting | Drupal Tutorials

Do that now and you can do an autopsy on it later to see if it was a SQL injection or whatever. Also grab a backup of all your files and your bash/apache logs if you have access to them then...

Ask your host to change your FTP/SSH login details in case they have been compromised.

Wipe your hosting space totally clean and restore your Db from backup.

Drupal5's passwords are trivially cracked once an intruder has access to your DB so they must be treated as insecure.

Using SSH/SQL or phpMyAdmin you should replace every users password with the md5 hash of a very random string so they are forced to use the password reset feature to log in again. Create yourself a new strong admin password and stick the md5 of it in to your user's pass field.

Install a fresh copy of Drupal (the same version as you were running) and go through the setup. Put your site in maintenance mode and check your users to see if anyone has got permissions they shouldn't have and if so remove them.

Next upgrade your Drupal install to the latest version in the series you are using and reinstall the most recent version of your modules available for that series.

That should get you up and running and secure again.

Bear in mind though that the intruder has access to your users usernames, e-mail addresses and, to a large extent, passwords which it's safe to assume they use all over the internet so before you take your site out of maintenance mode again...

Put up a notice about it on your front page telling your users you got hacked and they will need to reset their password for your site and should consider doing so on any other site where they use the same username and password.

Then you can sit back and trawl your logs to try and find out what happened.

It may not have been a Drupal problem, it may have been a Drupal problem that has since been fixed or it may be a problem with a current version of Drupal or a module you use. If you think it may be the latter contact the Drupal security team: http://drupal.org/security-team Make sure you are subscribed to their e-mail list or rss feed to keep up to date too.

Also it would be a good idea to upgrade to version 6 ASAP, Drupal 7 will be out soonish and when that happens security updates for V5 will stop.

Good luck,

Roger Heathcote - www.technicalbloke.com