17 October 2014
Dealing with Drupalgeddon (SA-CORE-2014-005 SQL injection)
Following the recent remotely exploitable Drupal exploit, we would like to reassure all our customers that their managed Drupal hosting with us was patched within an hour of the security update being released, and well within the 7 hour time limit after which malicious and targeted attacks were seen in the wild. As a further standard security precaution all our Drupal platforms are write protected which would prevent such an attack from succeeding even if the platforms had not been patched. If you do not have managed hosting with Website Express and are concerned about the security of your Drupal 7 site, then we would suggest that you follow the advice from Drupal.org. If your site was not patched or upgraded within 7 hours of the security announcement, then it is safest to assume that your site has been compromised, data may have been extracted, and back doors may have been placed to allow access even after patching. You should restore a website backup made prior to 15th October onto a brand new and updated 7.32 Drupal Platform on a secured hosting environment. If no backup is available then migrate all data onto onto a brand new and updated 7.32 Drupal Platform on a secure hosting environment and check file system and database for backdoors before restoring any content or files. If you are concerned about the security of your Drupal 7 website, or would like the peace of mind that comes with a fully managed and secured Drupal hosting platform, please give us a call on 029 2000 4547 or or use our contact us page. Links for further reading:
