Posted by 8thom on September 20, 2010 at 12:07am
Hey,
Can anyone confirm if this was due to a hosting or Drupal vulnerability?
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10674760
Comments
Forensics
We're working with Tandem Studios to resolve this problem (we have had nothing to do with the development or maintenance of the site previously).
The site hosting has CPanel... the Drupal site wasn't fully up-to-date, but there's no obvious indication from the logs that the Drupal site itself was compromised. We suspect (but due to the limited logging on the hosting, it's not possible to verify) that the compromise which provided the cracker with filesystem write access was through another web application made available via CPanel, e.g. phpMyAdmin, which we have seen as a widely used vector for exploits previously. (We don't expose phpMyAdmin directly on any of Egressive's hosting for that reason.)
Cheers,
Dave Lane, Egressive
From what I understand, it
From what I understand, it was a hosting vulnerability. Though it should be noted that the changelog suggests that the Drupal version is well out of date.
InTheHouse status
Hi Josh, yes, there are a number of modules with known vulnerabilities as well as an old core Drupal install. If they accept our proposal to adopt the site, it will a) be moved to NZ, and b) updated, and c) kept up-to-date as part of Egressive's Drupal Security Maintenance service.
Dave
Clarification
It turns out that the compromise of the InTheHouse site was not via a Drupal vulnerability (even though there were some vulnerable modules present), but rather via a crack that compromised a portion of the hosting provider's infrastructure. 40,000 additional sites (mostly not Drupal sites) were also affected.
http://community.a2hosting.com/a2hosting/topics/a2s48_turkish_hacker
We at Egressive were called in to fix the situation (and transfer the site to Egressive's hosting in NZ), which is being undertaken as I type. We began speaking to Tandem Studios about moving the site to NZ several weeks ago (before the Big Wobble down here in Chch)... so it's just bad luck it happened before the site could be moved.
Dave