What is Drupalgeddon?
A recent (early 2018) exploit of the Drupal CMS (Content Management System) has been confirmed as allowing hackers to inject malicious code into Drupal websites that affects all versions 6, 7 and 8. Shortly after it was announced, it is estimated that over 80% of all not-updated Drupal websites were affected.
The vulnerability allows hackers to inject code and essentially create new admin accounts/roles on the website, and from here they can take complete control of the website. It is widely thought MOST websites that were hacked, were done so to create crypto mining servers whilst keeping the website running as normal, but juicing the server for its capacity to mine.
Drupal – Geddon! What’s been done?
The company immediately released patched and updated versions of the CMS, but interestingly gave no technical information on the release which is most unusual, giving site owners the chance to patch the vulnerability BEFORE releasing the technical information. Once they release the technical information, it then opens up a whole can of worms of everyone knowing how to exploit the websites.
Has your website been affected? Are you running the Drupal CMS on version 6, 7 or 8 and not run your updates? If so, your website could well be one of the majority 🙁
Don’t fear, we have got your back.
Our team are ready and waiting to get your website checked, cleaned if necessary and back up doing what it needs to.
Get in touch today and one of our friendly team will be happy to help on +44(0)207 101 3990