Posted by NinaNic on October 27, 2014 at 11:59pm
I'm in the process of securing several sites for a Northern NJ organization that were affected by Drupageddon (SA-CORE-2014-005), and am looking to connect with others to share ideas and tips.
I'm in the process of securing several sites for a Northern NJ organization that were affected by Drupageddon (SA-CORE-2014-005), and am looking to connect with others to share ideas and tips.
Comments
Some resources here - see the
Some resources here - see the links to the flowchart and you can download the drush-based audit tool:
https://www.drupal.org/project/drupalgeddon
See also: https://www.acquia.com/blog/learning-hackers-week-after-drupal-sql-injec... which describes several of the common hacks.
Broken Link
Peter
Thanks for the extra advice.
See also: https://www.acquia.com/blog/learning-hackers-week-after-drupal-sql-injec... which describes several of the common hacks.
is 404
"The best way to predict the future is to invent it." - Alan Kay
The email version gives a
The email version gives a broken link - sorry.
Try the one directly in my comment above, or here's a short link: http://bit.ly/1tS5fna
Demonstration
The following link demonstrate how the hackers can attack the website.
http://www.zoubi.me/blog/drupageddon-sa-core-2014-005-drupal-7-sql-injec...
Yes we where hit
Four of our websites where not patched fast enough and are compromised. We have seen new admin users and PHP files hidden in /files.
There is helpful resources here
http://drupal.stackexchange.com/questions/133996/drupal-sa-core-2014-005...
Thanks
Thanks, this is helpful.
Nina Nicholson
Director of Communications & Technology
The Episcopal Diocese of Newark
nnicholson@dioceseofnewark.org
http://dioceseofnewark.org
See also this just-released
See also this just-released PSA: https://www.drupal.org/PSA-2014-003
Got it
Yes, I got it.
Nina Nicholson
Director of Communications & Technology
The Episcopal Diocese of Newark
nnicholson@dioceseofnewark.org
http://dioceseofnewark.org
A podcast focused on dealing with Drupageddon
Our latest episode of "Hooked on Drupal" discusses (with some context) the travails of dealing with Drupageddon.
http://www.commercialprogression.com/post/hooked-drupal-podcast-episode-2