
5 Nov 2014

Critical Drupal 7 Security Vulnerability and Need for Quick Fixation

In a Public Service Announcement released by Drupal's security team, the team warned that Drupal websites were likely to have been compromised by automated SQL injection attacks if they were not patched within 7 hours of the announcement. Drupal content management system users were urged to consider starting afresh with the website and replacing the website database with backup files made before October 15 2014, the date on which the security vulnerability was announced.


Who is at risk? Literally, every Drupal website!

Drupal is the popular open-source CMS framework that powers thousands of websites, large and small, across the internet. It is one of the most robust and efficient web development platforms, bringing ease and high performance to website management.

The recent Drupal flaw that has caught the attention of a global audience is a critical security flaw found in the then-latest Drupal 7.3 release before October 15 2014. Although an updated version has been released, merely upgrading the website is not sufficient to address the current problem. A seasoned Drupal web development service provider with the expertise and a thorough understanding of the security breach can carry out the necessary protocols to make your website fit once again.

The Drupal security team has clearly stated that numerous automated attacks were launched to compromise websites within hours of the SQL injection announcement. Attackers have accessed critical data on the website, changed admin or other account details and login access, and even patched the website afterwards to avoid leaving any traces of the SQL injection attempt.

Example of SQL injection attempt:

name=\x22name[0; INSERT INTO `menu_router` (`path`, `load_functions`,
`to_arg_functions`, `description`, `access_callback`, `access_arguments`) VALUES ('removed',
'', '', 'removed', 'file_put_contents', 0x613a323a7b693a303b733a32343a226d6f64756c657f6…..6870696e666f28293b223b7d);;#  ]
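The sample above plants a row in the menu_router table whose access callback is file_put_contents, which is not something a legitimate menu entry ever needs. The following is an added example (not code from the original post or from the Drupal project) showing how a defender can audit a copy of that table for such rows; it uses an in-memory sqlite table with constructed rows as a stand-in for the Drupal 7 menu_router table, and the allowlist of callback names is an assumption that a real audit would build from a known-clean install.

```python
import sqlite3

# PHP functions that write files or execute code. A menu access callback should
# never be one of these; the injected row in the post uses file_put_contents.
DANGEROUS_CALLBACKS = {"file_put_contents", "assert", "eval", "system",
                       "exec", "passthru", "shell_exec", "create_function"}

# Assumed allowlist of access callbacks seen in a known-clean copy of the site.
KNOWN_ACCESS_CALLBACKS = {"user_access", "node_access", "user_is_logged_in",
                          "user_is_anonymous", "TRUE", "1", ""}


def find_suspicious_menu_router_rows(conn):
    """Return (path, access_callback, reason) for every menu_router row whose
    access_callback is a dangerous PHP function or is not on the allowlist."""
    rows = conn.execute(
        "SELECT path, access_callback FROM menu_router").fetchall()
    findings = []
    for path, callback in rows:
        if callback in DANGEROUS_CALLBACKS:
            findings.append((path, callback, "code/file-writing callback"))
        elif callback not in KNOWN_ACCESS_CALLBACKS:
            findings.append((path, callback, "callback not in allowlist"))
    return findings


def build_sample_db():
    """Constructed in-memory table with the columns the injected INSERT uses.
    The rows are made up for this example; the third mimics the planted entry."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE menu_router (path TEXT, load_functions TEXT, "
                 "to_arg_functions TEXT, description TEXT, "
                 "access_callback TEXT, access_arguments TEXT)")
    conn.executemany("INSERT INTO menu_router VALUES (?,?,?,?,?,?)", [
        ("node", "", "", "", "user_access", 'a:1:{i:0;s:14:"access content";}'),
        ("user/login", "", "", "", "user_is_anonymous", "a:0:{}"),
        ("removed", "", "", "removed", "file_put_contents",
         "a:2:{...constructed placeholder...}"),
    ])
    return conn


if __name__ == "__main__":
    for path, callback, reason in find_suspicious_menu_router_rows(build_sample_db()):
        print(f"SUSPICIOUS menu_router path={path!r} access_callback={callback!r}: {reason}")
```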

Security Vulnerability and the Risks Involved

Every website running a vulnerable version is at high risk from this "highly critical" SQL injection vulnerability. The flaw resides in the part of Drupal core that was specifically designed to prevent such attacks, and websites running the vulnerable version have been attacked through it. Theft of critical information such as personal data, installation of a backdoor, and even remote access are among the many ways the bug in the CMS framework can be exploited.

Users who could not upgrade the website within 7 hours of the SQL injection announcement are advised by the Drupal security team to do the following:

1. Take the website offline by replacing it with a static HTML page
2. Notify the server's administrator, emphasizing that other sites or applications hosted on the same server might have been compromised via a backdoor installed by the initial attack
3. Consider obtaining a new server, or otherwise remove all the website's files and database from the server (keep a copy safe for later analysis)
4. Restore the website (Drupal files, uploaded files and database) from backups made before 15 October 2014
5. Update or patch the restored Drupal core code
6. Put the restored and patched/updated website back online
7. Manually redo any desired changes made to the website since the date of the restored backup
8. Audit anything merged from the compromised website, such as custom code, configuration, files or other artifacts, to confirm they are correct and have not been tampered with

Professional Assistance

The main idea behind combating a situation as critical as this is to go all out and stick to the protocols put forth by the CMS project itself. A seasoned Drupal web development service provider would ensure that best practices are followed and that each and every measure is carefully undertaken to undo the damage already done. It is important not just to patch the website but also to run a thorough check to ensure the website stays safe in future.
