On 2010-01-27, at 3:57 PM, Ivan Sergio Borgonovo wrote: > [1] you'd have to store the revision # somewhere outside the working > copy and diff with the remote repo. > Still if you're actively developing a site you'd have to find some > way to compare working copy with a moving code base... and maybe > glue everything with some rcs hook.
Just use a different branch for your live sites. I ran into exactly this same issue with a client, and sites in VCS were much quicker to deal with. Most hacks I've encountered recently used base64decode(), so grepping for that was helpful. As well, a .htaccess rule redirecting the advertising pages is a useful stopgap to prevent from being delisted. Finally, those running their own machines can set up a firewall to block outgoing connections for the Apache user except to specific hosts (updates.drupal.org, configured RSS feeds, etc). Also, be sure to check your PHP tmp directory, as there may be scripts there running re-infecting your site. --Andrew
smime.p7s
Description: S/MIME cryptographic signature
