I've had good reason to think about security on my Drupal sites lately. This site and a few others were hacked recently. The result of the hacking was a script injected into both the generated pages and the RSS feeds of the site. I picked up on the hack pretty fast because the RSS feeds on the site were not behaving correctly and that broke something else that relies on the feeds to work. I also checked the site in Internet Explorer and things weren't displaying properly.
I spent about an hour investigating the issues before I realized that the site had been hacked for sure. One of the first things I did once I realized that the site had been hacked was that I took it offline. Whatever the script that had been injected into the site was doing it couldn't have been good. Then I took steps to correct the situation.
Since multiple sites were affected I assumed that somehow an FTP user password (which I thought was obscure enough) had been compromised. So I changed every password I could think of. Then I uploaded the latest version of Drupal to all of my sites. Next I checked the directories to see if there were any suspicious files remaining. Finally I checked the site RSS feeds and pages for signs of the script that I had found when I discovered the problems. It was only after taking those steps that I brought the sites back online.
The process was time consuming and painful enough for me to cause me to remember how important security is for any type of site you put up on the web. I should've known better since I've been caught by spammers before, but it's been a long time so I got a bit complacent.
I'd like to pass on some tips (and links to related modules) that can give you an idea of some of the security features to take advantage of when you're using Drupal.
Bookmark or Share Post
