On Monday, 2/3/2013, I was notified by DreamHost that that my Drupal 6.17 site had been compromised. Yes, there were foreign php files which I deleted. They also added their own cron.php and index.php. I restored the originals from backup. This had happened before and the site was fine.
Now churchsp.org only shows “access denied”. I can run update.php but haven’t. I am not sure the next step. Basically it appears Drupal won’t load . The date of .htaccess has not changed so don’t think it is denying all. Another thought is that the sessions table is corrupt. I could repair the table.
Any thoughts of next steps ? Thanks for your thoughts.