> Is it a good security tip to monitor the integrity of Drupal sources by > using MD5 hashes on the files ? > Is there a known/efficient way to achieve this ?
http://drupal.org/project/md5check But this is a drupal module, and thus pretty useless, because it is part of the system that you're looking to stop being modified. Better to just hash some files on cron or something if you care to leave your drupal installation writeable by the web server. Regards Steven Jones ComputerMinds ltd - Perfect Drupal Websites Phone : 024 7666 7277 Mobile : 07702 131 576 Twitter : darthsteven http://www.computerminds.co.uk 2010/1/27 Nicolas Tostin <[email protected]>: > Is it a good security tip to monitor the integrity of Drupal sources by > using MD5 hashes on the files ? > Is there a known/efficient way to achieve this ? > > > ----- Original Message ----- > From: "Laura" <[email protected]> > To: <[email protected]> > Sent: Wednesday, January 27, 2010 9:53 AM > Subject: Re: [development] Fully patched site hacked and cloaked > > > On Jan 27, 2010, at Wed 1/27/10 4:45am, Gerhard Killesreiter wrote: > >> Were you able to determine the attach vector that was used to be able >> to modify bootstrap.inc? > > I just saw this performed on a D5 site. Bootstrap.inc was indeed altered, an > additional system.php file was inserted in the modules folder, and the > pernicious (drug) website files were inserted into the cgi folder *above* > the webroot. The code was sniffing passwords. Several files contained > nothing but hashes. > > I mention this because if we see a pattern across many sites, this entire > conversation should move to security reports offline. > > Laura > >
