undefined | Better HN

0 pointseli12y ago0 comments

In theory you might be right, but in practice patio11 definitely is.

Either way, the big hassle is going to be reinstalling your site, pulling a copy of the database from backup (you have that right?). Might as well go all the way and install everything fresh.

0 comments

3 comments · 1 top-level

dennisgorelik12y ago· 2 in thread

Why reinstall database from old backup?

Can trojan be hiding in the database?

eliOP12y ago

Yes, definitely! Drupal (like Wordpress and others) stores all the "content" of your site in a database so there could be all manner of nastiness hidden in your pages.

And then, obviously, the attacker could have added an admin user account or, less obviously, altered settings stored in the database to make the site insecure.

My advice would be to restore completely from backup, if possible.

dennisgorelik12y ago

The price of restoring from old backup could be steep: some data loss. Or at least time consuming manual data merge with data from more recent, but compromised database.

It might be easier to check database for common vulnerabilities (admin accounts, suspicious content for web pages).

1 more reply

j / k navigate · click thread line to collapse