Scorpiones Group

Update Drupal ASAP: Over a million sites can be easily hacked by any visitor

A Critical Flaw Has Been Found in Drupal by Security Researchers.

The Drupal development team yesterday released important security updates for its widely used open-source content management software that address one critical and three "moderately critical" vulnerabilities in its core system.
The team is warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site.

Considering that Drupal-powered websites are a favorite target for hackers, website administrators are strongly advised to install the latest release to prevent remote attackers from compromising their web servers.

Drupal warns that attackers can exploit the flaw through several avenues.
Any visitor, regardless of privileges, can exploit the flaw by visiting an affected site, and can then gain access to, modify and delete private data.

If you haven't recently updated your Drupal-based blog or business website to the latest available version, now is the time.
We have compiled a few tips for you to keep your Drupal website safe:
  1. Scan your Website
    You can use tools that scan your site remotely, such as SiteCheck, to find malicious payloads and malware locations.
    Other online scanners and Drupal extensions can also help you look for indicators of compromise, malicious payloads, and other security issues.
  2. Check Modified Files
    New or recently modified Drupal files may be part of a hack. Your core, contributed, and custom modules should also be checked against known good copies to identify malware injections.
    The quickest way to confirm the integrity of your Drupal files is to use git status to check for changes, commit any new branches, and then roll back to the last known good set of code.
  3. Audit User Logs
    Verify any unknown Drupal user accounts, especially administrators.
  4. Check Diagnostic Pages
    If your Drupal site has been blacklisted by Google or other website security authorities, you can use their diagnostic tools to check the security status of your Drupal website.
  5. Contact Scorpiones Pentest Team
    And conduct Web Application Penetration Testing for your website.
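
For a site that is not under version control, the comparison against known good copies described in step 2 can be done by hashing both trees. This is an added example, not code from the original article or from Drupal; the function names are hypothetical and the directory layout and file contents are constructed sample data.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_trees(deployed, known_good):
    """Report files that are new, changed or missing versus the known good copy."""
    live, good = hash_tree(deployed), hash_tree(known_good)
    return {
        "added": sorted(live.keys() - good.keys()),
        "modified": sorted(p for p in live.keys() & good.keys() if live[p] != good[p]),
        "missing": sorted(good.keys() - live.keys()),
    }

def build_sample(base):
    """Constructed sample data: a known good tree and an altered deployed copy."""
    good, live = os.path.join(base, "good"), os.path.join(base, "live")
    files = {"index.php": "<?php // front controller\n",
             "modules/node/node.module": "<?php // node module\n",
             "core/install.php": "<?php // installer\n"}
    for root in (good, live):
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
    with open(os.path.join(live, "index.php"), "a") as fh:
        fh.write("// constructed modification\n")
    with open(os.path.join(live, "modules/node/extra.php"), "w") as fh:
        fh.write("<?php // constructed new file\n")
    os.remove(os.path.join(live, "core/install.php"))
    return live, good

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_trees(*build_sample(tmp)))
```

In practice, point `compare_trees` at the live document root and at a freshly unpacked copy of the same Drupal release and module versions; every path under "added" or "modified" that you cannot account for deserves a manual review.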
