Back in early November 2014 I received an email from my web host (current at the time though I’ve swapped now) about a serious vulnerability affecting Drupal, the following pages from the Drupal website explain it:
I didn’t find out about this until about 2 weeks after the patch had been released, I had to assume my website had been compromised. I took the website down as soon as I could and made a local copy of older backups. The recommended solution is to restore a backup from before the patch release date.
I’d hardly been using the website and I’d certainly not been making very good use of all the features Drupal has to offer. I was basically using it for a personal blog.
It’s taken some time but I’m finally almost ready to get the previous content back online. I think I got lucky since I’d not used my website very much and it had very little exposure on the internet. Though there is still that small thought in the back of my mind that all of my content on the web hosting could have been taken without my knowledge. There’s nothing I can do about that, I just have to move on.