Millions of Drupal Websites Hacked
A stark warning has been issued by CMS software platform Drupal, once again highlighting the importance of online security.
Up to 12 million users of Drupal are thought to have been hacked after failing to apply an official update. The warning came after the content management software, which allows website owners to manage their sites, issued a critical update. Those who didn’t apply the update within seven hours of the bug’s discovery have been told to assume that their websites have been hacked.
Drupal 7 Compromised
It’s thought that Drupal accounts for just over 5% of all websites on the internet – a colossal number, given that there are around a billion sites online in total. According to Drupal’s own security warning: ‘Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of [the update].’
It continues, ‘You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before 15th, 11pm UTC, that is 7 hours after the announcement.’
Attack Without a Trace
Failure to update means that hackers can now create multiple backdoor access points in the code itself, the database and file directories. This leaves the site open to attacks which may copy the site’s data, or deposit malware, without leaving a single trace of ever having been there. Hackers may also take control of the server, affecting other services.
However, the major worry here is that the open-source Drupal is often used by larger organisations, which might allow hackers to ‘daisy-chain’ a malware attack across the internet. Some in the industry have decried Drupal’s reliance on its users to apply updates, rather than applying them itself by way of automatic updates. Drupal is advising its users to contact their server administrators if they believe their site has been hacked.
Here at Tristar IT support in London, we care deeply about online security. If you’re concerned that your tech-sector needs beefing up, we offer premium IT support services in London and the surrounding areas. For more information about our services, please contact us on 01707 378453 or email us at sales@tristarsupport.co.uk – our professional staff will be glad to assist.