A while back someone hacked into my site. Aside from the large amount of files I've never seen before, after deleting them I am getting an error on my homepage. I don't see any other file manipulation other than the folder and 'movies' they added.
I get the following error at the homepage of www.bigrookgames.com
Parse error: syntax error, unexpected '_drupal_session_open' (T_STRING), expecting '(' in /home/bigrookgames/bigrookgames.com/includes/session.inc on line 31
Anyone know what might be happening? I'm not completely sure what version I am even running, i think it was 7.16 but I searched around and thought maybe the site needs to be upgraded but none of the file paths work. Any suggestions?
Edit*****
I had an older directory of my entire site and replaced the session.inc file and seems to work now. Not sure how that file got corrupted.
Comments
=-=
be careful. if you were using 7.16 that precedes the drupalgeddon security issue which means if your site was hacked a backdoor could be anywhere in the database and file structure at this point. I'd advise a full rebuild.
is it sufficient to upgrade
is it sufficient to upgrade to a newer 7.x ? or is it in all of the versions and I should go to 8.+?
=-=
no an upgrade is not sufficient as the security issue could have placed a back door in your database. Google Drupalgeddon for a deep dive into this issue.