On Mon, Oct 8, 2012 at 12:18 AM, Peter Viskup <skupko...@gmail.com> wrote:
> Overlooked it was not sent to debian-user list.
> …
> I do not know what security issue was used to crack my site - they used
> some Drupal weakness to create some php files in Drupal install dir
> remotely and without getting SFTP access.
> I had a look on the state of the drupal6 package just after and noticed
> there are some critical bugfixes not backported to stable branch.
> That's all at the very moment.
>

In my experience, this correlation is good enough to reasonably assume causation. When a website is compromised, and the software running the website has known vulnerabilities, there is rarely any need to look further. Such attacks are usually automated or semi-automated.

You can reduce the problems somewhat by using ModSecurity, and disallowing a bunch of PHP functions (eval, system, etc.) that many components/extensions/modules/plugins/themes seem to find useful. This is not always practical, for instance when you use a third party webhost which does not offer these options, or when you do not have the know-how to configure these right.

I suspect that for software like Drupal, using a secondary package manager such as Portage may actually be better for the sysadmin.

--
Jan
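An added example, not part of either message: one way to check for the symptom described in the quoted text (PHP files created in the Drupal install dir) by comparing the tree against the package's file list. The function name, the tab-separated output and the manifest file are assumptions; the manifest can be the saved output of `dpkg -L drupal6`.

```shell
#!/bin/sh
# Added example: list files under a web root that the package did not
# install and that look like PHP, either by extension or by content.
# Assumptions: MANIFEST holds one absolute path per line (for instance the
# saved output of `dpkg -L drupal6`); WEBROOT is the Drupal install dir;
# file names contain no newlines.

find_unpackaged_php() {
    webroot=$1
    manifest=$2
    # Every regular file below the web root that is absent from the manifest.
    # grep exits 1 when nothing is left over, which is not an error here.
    find "$webroot" -type f -print |
    { grep -Fxv -f "$manifest" || true; } |
    while IFS= read -r f; do
        case $f in
            *.php|*.php[0-9]|*.phtml)
                printf 'ext\t%s\n' "$f" ;;
            *)
                # A dropped script may carry a harmless-looking name,
                # so also look for a PHP open tag inside the file.
                if grep -q '<?php' "$f" 2>/dev/null; then
                    printf 'content\t%s\n' "$f"
                fi ;;
        esac
    done | sort
}

# Stand-alone use: sh script.sh WEBROOT MANIFEST
if [ "$#" -eq 2 ]; then
    find_unpackaged_php "$1" "$2"
fi
```

Locally installed modules and themes are not in the package manifest either, so they show up in the output and have to be reviewed against their own upstream copies.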