Hacking Incidents

In the wake of SA-CORE-2014-005 - Drupal core - SQL injection | Drupal.org much has been said about what to do if you believe your Drupal site has been hacked into. I am not going to discuss the details of SA-CORE-2014-005 as the above article and the FAQ it links to with all its comments covers this matter very well. What is more important is the general scenario, rather than the specifics.

Fortunately we have cracking-drupal/after-an-exploit.md at master · greggles/cracking-drupal which is a great piece on this subject. Now, whilst Your Drupal website has a backdoor | Bevan Rudge is specific to SA-CORE-2014-005 it does offer a good general case workflow, so should be considered helpful.