Drupal, one of the open source content management which is being used by most of the users worldwide, but one important notification for the users of Drupal is here that its older version has been hacked through SQL Injection Attack, and this one is a serious flaw as it completely compromises the Drupal website.
Drupal itself find out this vulnerability which is being used by the hackers worldwide to compromise the Drupal website, and Drupal too warning its users to update their websites immediately as a security patch for the vulnerability has been released on 15 October 2014.
Drupal is a free and open-source content-management framework written in PHP and distributed under the GNU General Public License. It is used as a back-end framework for at least 2.1% of all Web sites worldwide ranging from personal blogs to corporate, political, and government sites including WhiteHouse.gov and data.gov.uk. It is also used for knowledge management and business collaboration.
On 15 October an important notification was released for Drupal users, which completely warning users about the latest critical vulnerability in the version 7.x and users are told to upgrade their website to Drupal core 7.32.
Millions of websites are at RISK!
As this is a most use content management system being used worldwide, so the affectness of this critical flaw is too big, as almost 12 million of the widely used Drupal 7 websites are at Risk (Which have not upgraded to 7.x)
Announcement made by the Drupal
Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.
After the vulnerability was out, most of the hackers started to attacking vulnerable sites through “automated attacks.”
Attacker is Anonymous
One more critical stuff is here—If an attacker use the vulnerability to hack a Drupal site, then none of the trace left of his presence, means you are unable to trace if someone out there, accessing your site along with you. An attacker can use the Drupal affected website like an Administrator.
It has been also revealed that through this SQL Injection attack on the affected Drupal site, an attacker can able to install a backdoor too on the site, by which attacker able to control the whole site remotely.
Hackers are also taking advantages of not storing any trace on website that it has been hacked, Attackers are hacking Drupal Sites and patching themselves, to stop any other hacker to hack that.
“Updating to version 7.32 or applying the patch fixes the vulnerability, but does not fix an already compromised website. If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised — some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.”—Drupal Team.
Are you a Drupal user?
If you are a Drupal user, so this time to update your Drupal version to Drupal core 7.32, and in case you are not able to update your Drupal version, you can apply this patch.
As this flaw not able to trace, that your Drupal site has been hacked or not, so it is possible that hackers have copied all of your websites’ data, in case you also think like that, here are the steps to completely remove any vulnerability in your website or any backdoor created by the attacker:
- Take the website offline by replacing it with a static HTML page
- Notify the server’s administrator emphasizing that other sites or applications hosted on the same server might have been compromised via a backdoor installed by the initial attack
- Consider obtaining a new server, or otherwise remove all the website’s files and database from the server. (Keep a copy safe for later analysis.)
- Restore the website (Drupal files, uploaded files and database) from backups from before 15 October 2014
- Update or patch the restored Drupal core code
- Put the restored and patched/updated website back online
- Manually redo any desired changes made to the website since the date of the restored backup
- Audit anything merged from the compromised website, such as custom code, configuration, files or other artifacts, to confirm they are correct and have not been tampered with.