The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch their sites as immediately.
On October 29, 2014, Drupal team released a strong statement via their Public Service Announcement. In the announcement, they strongly mentioned as follow:
Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.
Adding further, they mentioned that if the users have still not upgraded to Drupal 7.32, they should immediately upgrade to Drupal version 7.32 but this will not fix the issue on already compromised websites.
Recovery from Hacked Drupal
If you have not patched your site in time and it was compromised, you should immediately contact your hosting provider to restore your data from old backup (possibly backup before October 15, 2014 – On which SQL injection vulnerability was announced). Drupal team has suggested some steps in their announcement. In addition to those steps, you should consider taking the following steps as well:
– Reset all your FTP, control panel passwords
– Check for the malicioius activity from your website and if you find anything, report it to your web hosting provider for assistance
– Check for recently installed hooks/plugins
– Scan your web contents using antivirus application provided by your web hotsing provider
– Perform online scan using Sucuri site check or other tool
Once again, if you have still not upgraded your Drupal to its latest version, you are at risk.
Last Updated on