Tips, tricks, articles, rankings for Drupal developers

How I can know if my Drupal is hacked?

ballester's picture
ballester | Thu, 05/02/2015 - 13:43

One of the first checks that I recommend is to use the Drupal module Hacked!. The module compares the source code of Drupal Core, themes and modules with the current code repository drupal.org
If you have installed the Drupal module diff'll see line by line differences between the two source codes.
This is useful for detecting modules that have been modified by developers for example by applying a patch or by an intruder.

Rating: 
5
Average: 5 (1 vote)
Drupal version: 
Tags: 
Drupal skill: 
Dependencies: 
PHP

Comments

dropdev's picture
Submitted by dropdev (not verified) on
Rating: 
5
Your rating: 5
I tested the two modules together and the result is great, you can see line by line changes from the original source versions.Thank you very much for the input.

Isaac's picture
Submitted by Isaac (not verified) on
Rating: 
0
Your rating: None
Thanks, didn't know about it! Anyway drupal cms have more surprises that we all know, and we won't fine them out until the next upgrade)))Here is a quick help for people without backups etc#!/bin/shecho "Drupal Base:"read baseecho "Day before day Patched (YYYY-MM-DD):"read patched#Remove php files in files folder - only good if you dont use your files folder for php filesfind $base/sites/default/files/ -name "*.php" -exec rm -f {} \;#find known backdoorgrep -r --include=*.php "PCT4BA6" $base | xargs rm#find base64 used to hide backdoors - This should only return a small amount just check the files dont look like hackgrep -r --include=*.php "base64" $base#find strtolower used to hide backdoors - This should only return a small amount just check the files dont look like hackgrep -r --include=*.php "strtolower" $baseHope that helped someone.