We are currently seeing a high volume of Drupal exploits running a lot of arbitrary code, including crypto mining, attacking other servers and similar due to this exploit https://www.drupal.org/sa-core-2018-002
If you want to find out if you have any vulnerable Drupal installs quickly and easily i wrote a shell script for that . Just run the following from console
wget http://blog.rimuhosting.com/files/drupaldetect.sh bash drupaldetect.sh
It will output something like this ..
root@servername:~# bash drupaldetct.sh You have version 7.58 located at /var/www/vsc/ You have version 7.58 located at /var/www/vsfrts/ You have version 7.23 located at /var/www/corehtapts/ Looks like Drupal at /var/www/mgvec/ , but can't tell the version You have version 7.50 located at /var/www/courtland/drupal/ You have version 7.0 located at /var/www/richvvrve/drupal/ You have version 7.58 located at /var/www/mrvegc2/ You have version 7.32 located at /var/www/ridvervee/drupal/
Any version prior to 7.58 is exploitable, and its safe to assume you should replace ALL the files as per https://www.drupal.org/docs/develop/security/your-drupal-site-got-hacked-now-what