Drupalgeddon response

Most security patches for software fix an obscure problem that might be a vulnerability only in some circumstances. However, when Drupal 7.32 was released on the 15th October this year, things were different. The release came with a warning to upgrade Drupal 7 sites to fix a security vulnerability, and most Drupal administrators proceeded to do this over the next few days. However, the release announcement was also read by a number of hackers, who quickly identified the flaw and wrote web-bots that could spider across the web looking for vulnerable sites. Thus, every Drupal 7 site that was not upgraded within a few hours of the initial release could potentially have been hacked. Simply upgrading these sites would not be good enough, as the hackers could have left hidden code on the server, waiting for them to return and reactivate it later.

As a result of this, the NBN commissioned John van Breda to review Drupal 7 sites used by local record centres and others within the recording community. Of the 21 sites reviewed, only 1 was found to be definitely hacked, and this site was rebuilt from scratch. The remaining 20 sites have either been reverted to backup, had their file system and database rebuilt and audited, or had their owner notified and offered further assistance.

If you believe that you have a Drupal 7 site that might be vulnerable to this “Drupalgeddon” hack and you aren’t aware of any precautions being taken to prevent it, then please get in touch.
