{"id":6733,"date":"2014-10-30T15:30:29","date_gmt":"2014-10-30T19:30:29","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=6733"},"modified":"2014-10-30T15:30:29","modified_gmt":"2014-10-30T19:30:29","slug":"drupal-users-assume-your-site-was-hacked-if-you-didnt-apply-oct-15-patch-immediately","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/30\/drupal-users-assume-your-site-was-hacked-if-you-didnt-apply-oct-15-patch-immediately\/","title":{"rendered":"Drupal users: Assume your site was hacked if you didn&#8217;t apply Oct. 15 patch immediately"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.pcworld.com\/article\/2841372\/drupal-if-you-werent-quick-to-patch-assume-your-site-was-hacked.html\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/10\/drupal-logo-100527993-large.png\" alt=\"\" \/><\/a><\/p>\n<p>Users of Drupal, one of the most popular content management systems, should consider their sites compromised if they didn\u2019t immediately apply a security patch released on Oct. 15.<\/p>\n<p>The unusually alarming statement was part of a \u201cpublic service announcement\u201d issued by the Drupal project\u2019s security team Wednesday.<\/p>\n<p>\u201cAutomated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 &#8211; Drupal core &#8211; SQL injection,\u201d the Drupal security team said. \u201cYou should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.\u201d<\/p>\n<p>The SA-CORE-2014-005 advisory, published Oct. 15, warned users about a highly critical SQL injection vulnerability that affects Drupal versions older than 7.32. 
Exploiting the vulnerability does not require authentication and can lead to a complete website compromise.<\/p>\n<p>Drupal\u2019s security team came out with a stronger warning and additional guidance Wednesday because of the speed with which attackers began targeting this vulnerability and because a potential compromise can be very hard to detect.<\/p>\n<p>\u201cAttackers may have copied all data out of your site and could use it maliciously,\u201d the Drupal security team said. \u201cThere may be no trace of the attack.\u201d<\/p>\n<p>The vulnerability also allows the installation of multiple backdoors in the site\u2019s database, code, file directories and other locations, and it\u2019s impossible for an administrator to say with complete confidence that all of them were found. Attackers may use such backdoors to attack and compromise other services on the underlying Web server, allowing them to expand their access beyond the website itself, the Drupal security team said.<\/p>\n<p>Users should try to determine whether their websites were patched by their hosting providers before the attacks began or if those providers successfully blocked all attack attempts. If that cannot be guaranteed, the best course of action, according to the Drupal team, is to take the sites offline, delete all their files and databases, restore them from backups made before Oct. 15 and then patch the sites before bringing them back online.<\/p>\n<p>Users should also notify their server administrators that attackers might have compromised other sites and applications hosted on the same servers. If possible, the server should be changed completely before restoring a site. 
If restoring from a backup is not possible, rebuilding the site from scratch is a better alternative than attempting to clean it up, because backdoors can be extremely difficult to find, the Drupal security team said.<\/p>\n<p>What can make this incident worse is that Drupal, unlike other content management systems like Joomla and WordPress, is heavily used by large organizations, said Daniel Cid, the chief technology officer of Web security firm Sucuri, in a blog post.<\/p>\n<p>Unlike consumers and small businesses, large organizations have certain processes they have to follow when deploying patches and those can take time, he said.<\/p>\n<p>\u201cThis is a recipe for disaster, if it\u2019s true and those websites are in fact compromised, they could be leveraged and daisy chained for a massive malware distribution campaign,\u201d Cid said. \u201cTake that into consideration with the size and audience of brands and the impact grows exponentially.\u201d<\/p>\n<p>via <a href=\"http:\/\/www.pcworld.com\/article\/2841372\/drupal-if-you-werent-quick-to-patch-assume-your-site-was-hacked.html\" target=\"_blank\">Drupal users: Assume your site was hacked if you didn&#8217;t apply Oct. 
15 patch immediately | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Users of Drupal, one of the most popular content management systems, should consider their sites compromised if they didn\u2019t immediately [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,9,10],"tags":[309,341,451,1177],"class_list":["post-6733","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-technology","tag-drupel","tag-exploit","tag-hacked","tag-vulnerabilities"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1KB","jetpack-related-posts":[{"id":9405,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/10\/07\/odorless-and-weightless-hackers-this-week-in-tech-687\/","url_meta":{"origin":6733,"position":0},"title":"Odorless and Weightless Hackers &#8211; This Week in Tech 687","author":"NCCT","date":"October 7, 2018","format":false,"excerpt":"https:\/\/youtu.be\/lb4rnqfNdas Chinese Spy Chips, Microsoft Highs and Lows, Pixel 3 Event Predictions, and More! Bloomberg reports that China used tiny chips to spy on Apple, Amazon, and the US government. Apple and Amazon deny it. How do we know who is right? 
All the news from the Microsoft Surface event,\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/lb4rnqfNdas\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9910,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/02\/11\/slap-and-flop-siri-ios-18-3-update-apple-music\/","url_meta":{"origin":6733,"position":1},"title":"Slap and Flop &#8211; Siri, iOS 18.3 Update, Apple Music","author":"NCCT","date":"February 11, 2025","format":false,"excerpt":"https:\/\/youtu.be\/Xwqi58VczQ4 What's going on with Siri? iOS 18.3 update is out now, along with a fix to a zero-day flaw. You can buy iPhones on eBay with TikTok installed on them as TikTok is still not available for download on the App Store. And on January 27th, 2010, Steve Jobs\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/Xwqi58VczQ4\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6733","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=6733"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6733\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=6733"}],"wp:term":[{"taxonom
y":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=6733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=6733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}