12 million Drupal Websites under hackers attack



CMS Drupal has issued a chilling public service announcement to website admins and internet users who might visit the hundreds of thousands of sites running its software.

The unusually alarming statement was part of a “public service announcement” issued by the Drupal project’s security team Wednesday.
“Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection,” the Drupal security team said. “You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.”
This is a big problem. Because if you *now* update your website to Drupal 7.32 (which doesn’t suffer from the vulnerability) that won’t get rid of any backdoor that the hackers may have already implanted into your system.



Share on Google Plus

About Waheed Gul

Blogger, Independent Security Researcher
    Blogger Comment
    Facebook Comment

1 comments :

  1. how to hack drupal
    how to hack drupal,drupal exploiter,drupal exploiter,how to hack drupal website,drupal website hacking

    http://bicombusiness.blogspot.com/2016/01/drupal-auto-3xploiter-for-drupal-hacking.html

    ReplyDelete