Major Drupal security vulnerability discovered. Your site may be in danger!

Hi everyone,

I just wanted to give you all a heads up on some disturbing news that may effect your website if you are on the Drupal platform.

The website platform ‘Drupal’ has been all over the news of late (see linked articles below), with information surfacing about a major vulnerability in the platform, resulting in 100,000’s of Drupal websites being hacked around the world. This major vulnerability has been coined ‘Drupalgeddon2‘, and has been assigned the official identifier CVE-2018-7600.

Choc Chip Digital were made aware of this exploit when our website hosting scans started picking up infected Drupal website’s on our yesterday, Wednesday 19.0418.

What does this mean if you have a website built in Drupal? We have been getting in touch with the clients we are aware of whose site’s have been affected by the hack, but if you have a Druapl site and haven’t heard from us your site may not be safe. Given the severity of the exploit our assumption is that it’s only a matter of time (days even), before Drupal site’s running on software lower then version 8 (which is most) will be hacked.

The consequences of Drupal the site being hacked by this exploit are varied, most site’s are going offline as consequence of the hack, as well as being infected with malicious code. Some sites are having their private data stolen, others are having inappropriate marketing material and sexualised content posted.

To prevent this from happening we would recommend signing up for a 12 month support agreement, or paying for a once off patch, as well as starting the discussion around getting you off Drupal and onto another website platform like WordPress.

Please get in contact with us if you suspect your website is compromised by calling (03) 5273 0100, or by emailing support@chocchip.com.au.

Kind regards,

Christopher
Director

References