Jump to content


Photo

Drupal Vulnerability - Version: 7.x - Security risk: 25/25 ( Highly Critical )

Drupal Vulnerability

  • Please log in to reply
No replies to this topic

#1 MikeDVB

MikeDVB

    Forum Administrator

  • Staff Administrator
  • PipPipPipPipPip
  • 2,846 posts
  • Gender:Male
  • Location:Central Indiana, USA

Posted 01 November 2014 - 09:29 AM

Hello,

 

This only specifically concerns users that are running Drupal [not everyone, generally you would know] but the security implications of not keeping a piece of software up-to-date applies to everything such as WordPress, Joomla, etc.

 

Drupal has announced that if you did not patch the Drupal Vulnerability announced/patched October 15, 2014 within 7 hour of the patch being released that more than likely you were already hacked/compromised.  We've found numerous accounts on our network that are up to date but the patches were applied after the sites were compromised initially.  Here is Drupal's formal announcement stating as well: Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003 and here is the original vulnerability patch announcement: SA-CORE-2014-005 - Drupal core - SQL injection.

 

If you are running Drupal regardless of whether you've been upgraded or not you should check your account for unauthorized modifications.  Looking in the core folder for Drupal we've more often than not seen scripts such as "view.php" "graph.php" "document.php" etc - files that are not actually a part of Drupal and are malicious and in many cases we have also found other malicious files distributed through affected accounts at the same date/time.

 

Understand these are not server level issues and there is relatively little we could do as a provider to protect you from this.  We try to make it clear in our Terms of Service and on our company forums that keeping all software installations up to date is very important for account security.  While this notice is specifically about Drupal - the advice does apply to all third party scripts installed within your account.  This isn't to cause you distress or trouble but simply to help you keep your account secure against malicious third parties.

For more details on this specific Drupal vulnerability please see the following links:

Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003 <- Drupal.com

SA-CORE-2014-005 - Drupal core - SQL injection <- Drupal.com

Drupal warns unless you patched within seven hours, you're hacked <- ZDNet.com

Millions of websites hit by Drupal hack attack <- BBC News


  • 0
Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users