Write up on Drupageddon hack (attempt) on my site
On October 21, 2014, an attempt to compromise my personal web site was partially successful. The attack was able to delete log entries for October 21, 2014, and was able to add a non-existent user to the administrator role on the web site. The attack apparently failed to actually create the user, however.
Read more
Drupageddon?
Yesterday, my webhost told me that one of my Drupal sites was sending out spam, and the emails were coming from the Drupal modules folder. Since it is only a test site I occasionally use, I deleted the Drupal installation.
Then tonight I see the Security group talking about Drupageddon, and how Drupal sites have been compromised with one of the indications being that spam is being sent out from the Drupal site.
https://groups.drupal.org/node/447468
Read more
Anyone dealing with Drupageddon (SA-CORE-2014-005)?
I'm in the process of securing several sites for a Northern NJ organization that were affected by Drupageddon (SA-CORE-2014-005), and am looking to connect with others to share ideas and tips.
Read more