Drupal hacked?

Today my two main sites went down. Unfortunately I was out all day and I noticed very late.
This morning one of my sites went down and I didn't think much of it, I restored the database. This evening other sites are down too with the same result.

Basically it was like some of the database tables were emptied out. Even though everything was running, the pages came up almost blank and the menus were gone too.
I have now updated all my sites to the latest version of Drupal.

Has anyone seen this before? How can I found out what really happened? Maybe my hosts mysql is messed up?

 

http://www.securityfocus.com/bid/22579/info
n
http://www.securityfocus.com/bid/22202/discuss

Without logs,no1 can know what happened

 

Oh, thanks. I still need to go through the logs, as you can imagine they are huge.
On one of my sites I could disable comments and that should do it.

 

http://milw0rm.com/exploits/3312
http://milw0rm.com/exploits/3313

 

That site is blocked by my company proxy

I think the next time I go on vacation I will have to find someone to have an eye on my stuff. Fortunately I just implemented a new backup strategy. Now my database gets backed up every hour and rsynced to a machine at home every 6 hours.

 

What version of Drupal were you running?

 

I upgraded. Why do you ask?

 

i know there was an xml-rpc bug that came with drupal. But it could be sql injection as well. Where someone is just emptying your tables. Or it could just be happening because of some bug in some code somewhere. If you have anything homegrown, i would look there first.

 

Well, I am not sure what really happened. I checked the DB and everything seemed to be in the tables, but Drupal didn't pull the correct informatin (could have been a corrupt cache table). Anyways, I have not had any problems since I upgraded Drupal. I also removded the xml-rpc and update php files (I don't need update until the next update and I don't use xmlrpc.
So far I have not had any more trouble.