HOW TO CLEAN A HACKED DRUPAL SITE
Fix the hack and protect your Drupal website.
Last updated on: Jan 31st, 2018
Sucuri is committed to helping server administrators check their website for hacks and remove malware infections. We created this guide so Drupal users can identify and fix a Drupal hack. This is not meant to be an all-encompassing guide, but it addresses the most common infections we see.
Common Indicators of a Hacked Drupal Site
Spam keywords in nodes and search engine content
New nodes from an unauthorized user
File modifications or Drupal core integrity issues
Unknown files under sites/default/files
Security warnings by Google, Bing, McAfee, etc.
Unexpected, slow, or abnormal site behavior
Host suspended your site for malicious activity
Malicious new users in the Drupal dashboard.