Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By supermoos on
I think that maybe my site has been compromised somehow?
When looking at the drupal log-messages I can see a few request to this url:
TYPE php
USER Anonymous (ikke efterprøvet)
LOCATION http://www.yazoodle.net/http://www.yazoodle.net/azenv.php
Message Notice: Undefined index: mytheme i drupal_theme_initialize() (linje 100 af /var/www/includes/theme.inc).
Host 96.254.171.2
And looking up the yazoodle url leads me to this site, talking about RFI attacks?
http://www.bizimbal.com/odb/details.html?id=1231202
And somehow my them got disabled resulting in a lot of blocks beeing moved to the deactivated region, because some regions apparently do not exist all of a sudden?
I am on 7.14, and know that I should upgrade to 7.16 right away, I just need to know whether my system might be compromised - do any of you guys know anything about the url above?
Comments
I've just seen the same in my
I've just seen the same in my logs
http://test.XXXXXXXX.com/?q=ttp%3A//www.yazoodle.net/azenv.php
(I've XXXX'd out my domain coz I don't have it as secure as I'd like yet)