How many kittens?” is the question. “Hacked!” is the answer.
Drupal is a great platform for building web sites as it can quickly and easily get a site up yesterday. Eventually, some customization will need to be made to a website’s code to implement evolving features and designs. A small markup change here, a text alteration there, or modifying a function like user_load(), and in most cases Drupal will continue to work fine. While all might seem OK, without realizing it, your site has been Hacked!
Well, not hacked in the way that a site is broken into maliciously, but hacked in that Drupal itself or contributed modules have been changed on your site. Without knowing what has been changed, it can be very difficult to track down bugs, as the code on your site is no longer the same as the code everyone else is running. Updating Drupal or contributed modules becomes a huge hassle, and important security updates are often ignored due to the work involved in re-implementing code hacks.
The Hacked! module is best run with the Diff module, though it’s not required. After downloading and enabling both modules, browse to Reports > Hacked (for Drupal 7) to generate the site report.
Hacked! summary page showing Drupal has been modified
It looks like someone has hacked Drupal core. Let’s click “View details of changes” and see what’s different: