clear

Subscribe

Recent Posts

clear

Archives

Thursday, 30 October 2014
More Bad News for Drupal Sites
Share
clear

UPDATE:

Apparently, there's more bad news for Drupal site owners. If you didn't perform the latest upgrade within 7 hours of the announcement (by 11PM UTC on 10/15/14) your site has almost certainly been hacked. Worse, the server it's on could possibly be breached as well. Drupal security experts Michael Hess and Bevan Rudge issued a public service warning on the matter that you can read,here.,

Remediation steps

Drupal suggests the following steps to fix your problems:

  1. Take the website offline by replacing it with a static HTML page;
  2. Notify the server's administrator emphasizing that other sites or applications hosted on the same server might have been compromised via a backdoor installed by the initial attack;
  3. Consider obtaining a new server, or otherwise remove all the website's files and database from the server. (Keep a copy safe for later analysis);
  4. Restore the website (Drupal files, uploaded files and database) from backups from before 15 October 2014;
  5. Update or patch the restored Drupal core code;
  6. Put the restored and patched/updated website back online;
  7. Manually redo any desired changes made to the website since the date of the restored backup;
  8. Audit anything merged from the compromised website, such as custom code, configuration, files or other artifacts, to confirm they are correct and have not been tampered with,
  9. While recovery without restoring from backup may be possible, this is not advised because backdoors can be extremely difficult to find. The recommendation is to restore from backup or rebuild from scratch.

If you need assistance with your web presence, 111 Web Studio can build you a custom website that is as secure as is offered by the state-of-the-art in Internet security. We don't use Drupal and take the utmost care in handling customer information. Give us a call at 877.397.7605 or contact us for more information.

clear
Posted on 10/30/2014 5:30 AM by Customer Service
Comments
No comments yet.

Recent posts

111 Webstudio Planned Maintenance Notification

ONE ELEVEN MAINTENANCE NOTIFICATION Valued Customer, Phase 1 of this maintenance will begin...

Service Outage November, 6 2017

To our valued customers, Around 2:00 AM on November 6, 2017 our operations team discovered a failed...

Technology Grants for Nashville Non-Profits

111 Web Studio is pleased to announce that we can now perform formal technology assessments for non-profit...

Dynamic Remarketing to Your Customers Online

Do you sell products or services on your website? Then this is for you. Have you ever been looking...

Raise Money On Your Website with 111!

Do you need to show progress of a fund drive and create a buzz amongst your donors? 111 Web Studio has...