Hacked! Is an extremely powerful Drupal module available in both Drupal 7 and 8. Hacked! allows you to check Drupal’s modules and core against Drupal.org stored versions to make sure they have not been tampered with.
This module is a great way to ensure that the modules are safe and have not been modified.
It’s worth noting that Hacked! will not check any code that does not exist on Drupal.org. However, as Aimee Maree points out, Hacked! can be very useful for finding when an errant developer has modified a module’s code.
Here’s how to get started:
- Download and enable Hacked!
Next, you need to make sure you have the “Update Manager” module enabled as well.
Hacked! does have some very basic configuration options. You can include or exclude line ends, although I recommend leaving the setting as “Ignore line ends”.
How that we have Hacked! set up and configured we need to run Hacked! and make sure all the files match the files on Drupal.org
- Go to Reports > Hacked.
- Visiting this page will automatically run the check.
As you can see below I have a module that does not match the Drupal.org version. This is because I have manually tweaked the module files.
One thing to note: if you are using a custom environment, you might also notice that Drupal core is flagged as changed. This is a false positive because of the way some virtual machines work.