1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Warning: All unpatched Drupal 7 sites assumed to be compromised

Discussion in 'Blogging' started by Asif WILSON Khan, Nov 13, 2014.

  1. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,112
    Likes Received:
    28,523
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    [​IMG]

    If you use Drupal 7 to manage your website and you did not update to version 7.32 within a few hours of the latest Drupal vulnerability disclosure on October 15th, you should assume your website has been compromised by hackers and take immediate action. If you have not yet updated to v7.32, applying the update now will not guarantee that attackers haven?t installed a backdoor in your website. Furthermore, if the update has been applied ? and your website administrator was not the one who applied it ? this may actually indicate compromise, as hackers will do this to prevent their competition from compromising your site as well.
    For comprehensive protection, Drupal recommends recovering your website from backups or rebuilding it entirely, as soon as possible. Step-by-step instructions can be found here.
    More information on this threat

    In the hours that followed Drupal?s October 15th vulnerability disclosure, hackers launched an automated attack that scanned the web for Drupal 7 sites that had not yet applied the patch. When a website was found, attackers would then install a backdoor to allow for future, remote access. Backdoor access to a website not only compromises administrator and user information, but it can also be sold for the purposes of hosting illegal content and spreading malware. Approximately 1.1 million people currently use Drupal, to develop and manage hundreds of thousands of websites.
    More general information on what to do if your Drupal site is hacked can be found here.
    Have a nice (malware-free) day!
    - See more at: http://blog.emsisoft.com/2014/10/30...tm_campaign=ticker141112#sthash.CF0zaR6e.dpuf
    http://blog.emsisoft.com/2014/10/30/warning-all-unpatched-drupal-7-sites-assumed-to-be-compromised/
     
    • Thanks Thanks x 1