hack *spit* [patch]
Seems there must be a vulnerability in older versions of Drupal 4.7.x. I'm not exactly certain what happened, but by injecting something into the create user page, someone was able to gain access to UID 1... (the administration account).
Everything is upgraded and back to normal now, but I'm worried about a SSH session that I happened to notice going on with someone in China this morning. I've blackholed that entire network and am running a tripwire for anything suspicious.
It's doubtful that the server was compromised because the daily root-kit check went through as normal at 7am - and the drupal hack attempt happened at 5:30am. Probably a PHP or Apache exploit... or something. *bleh*
My advice to anyone running a Drupal site is to make sure you're up to date with the latest version. Of everything, actually.
[patch] [patch] [patch] . . . *sigh*