topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 5:58 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Update Drupal ASAP - Over a Million Sites Can Be Easily Hacked by Any Visitor  (Read 7065 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
If you are a server admin and have a Drupal installation, you need to update it immediately.

A dangerous Drupal flaw could leave your site completely compromised if you don't patch the flaw immediately.

Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site.

The bug affects all sites running on Drupal 8, Drupal 7, and Drupal 6. Drupal's project usage page indicates that about a million sites are running the affected versions.



ayryq

  • Supporting Member
  • Joined in 2009
  • **
  • Points: 101
  • Posts: 289
    • View Profile
    • Donate to Member
Ugh I hate updating Drupal. It's so fraught... after backing up you're supposed to:
Delete all files except the Sites folder and any files such as ".htaccess" and "robots.txt" that have been customized. (This assumes any contributed modules, custom themes etc. That you use are in the sites directory)

I cringe when I hit that delete key.

Did it last night though since it seems to be a very serious vulnerability.