Hack attack

  • Am impressed by the helpfulness of the people here!! I just were reading the same topics, and I also prefer the drush version!
    Thank you in advance again for your effor guys!!: ))

  • Very true, but neither does your method.
    Often malware files, PHPFilemanagers and such will be placed in theme folders, also the files folder is often used for this.

    You're right, it could happen.
    In my method I forgot to put the step where you should check/scan/control/etc your personal files and personal themes.
    For every other file (standard setup), I personally prefer to start from the clean downloaded files from drupal site (just after deleting everything on the webspace), so you don't have to check/scan the whole setup directory.

  • This method doesn't clean up any unwanted/hacked files

    I use Kaspersky on my workstation, when I download files to my workstation I usually get a notification that Kaspersky has found a suspicious file, maybe that helps too.
    It can find a log of algorithms, decode/encode base64 (which is used a lot to disguise fopen, curl, exec etc).

    A full re-install would be recommended, but could be a load of work.

    Anyhow: @ssibal good luck