5 commands that could help you to survive Drupageddon
Showing files that have changed on the live server:
git status
Looking for code execution attempts via menu_router:
select * from menu_router where access_callback = 'file_put_contents';
Showing which files are on the live server and not in version control:
diff -r docroot repo | grep docroot | grep 'Only in docroot'
Finding PHP files in the files directory:
find . -path "*php"
Checking the amount of time between when a user logged into your site and their most recent page visit:
select (s.timestamp - u.login) / 60 / 60 / 24 AS days_since_login, u.uid from sessions s inner join users u on s.uid = u.uid;
Hotfix: (SA-CORE-2014-005)
curl https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch | patch -p1
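The check for PHP files in the files directory, extended as an added example (not part of the original post): it matches PHP extensions case-insensitively and also flags files with any other name that contain a PHP opening tag. The function names, the EXT/TAG labels and the default path sites/default/files are assumptions; point it at your site's own files directory.

```shell
#!/bin/sh
# Added example: list files under a Drupal files directory that are PHP by
# name (EXT) or that carry a PHP opening tag under another name (TAG).
# Assumption: uploads live in sites/default/files unless a path is given.

scan_files_dir() {
    dir=${1:-sites/default/files}
    # One path per line; file names containing newlines are not handled.
    find "$dir" -type f | while IFS= read -r f; do
        lower=$(printf '%s' "$f" | tr 'A-Z' 'a-z')
        case $lower in
            *.php|*.php[0-9]|*.phtml)
                printf 'EXT %s\n' "$f" ;;
            *)
                # -F: fixed string, so "?" is not treated as a regex operator.
                if grep -qF '<?php' "$f"; then
                    printf 'TAG %s\n' "$f"
                fi ;;
        esac
    done
}

# Constructed sample tree for a dry run; none of these files come from a real site.
make_sample_tree() {
    root=$1
    mkdir -p "$root/styles" "$root/tmp"
    printf 'plain image bytes\n' > "$root/styles/logo.gif"
    printf '<?php /* constructed placeholder */ ?>\n' > "$root/tmp/a.PHP"
    printf 'constructed <?php /* placeholder */ ?>\n' > "$root/styles/b.gif"
    printf 'quarterly report\n' > "$root/report.txt"
}

if [ "${1:-}" = "--demo" ]; then
    t=$(mktemp -d) && make_sample_tree "$t" && scan_files_dir "$t"
    rm -rf "$t"
elif [ -n "${1:-}" ]; then
    scan_files_dir "$1"
fi
```

Run it with --demo to see the output on the constructed tree, or pass the path of the files directory to scan.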
Sorry, that was 6. Please add others in the comments.
If you need help regarding the recent Drupal vulnerability, feel free to contact me.
Success is not final, failure is not fatal: it is the courage to continue that counts.
Winston Churchill