Update Drupal ASAP - Over a Million Sites Can Be Easily Hacked by Any Visitor

[mouser]

If you are a server admin and have a Drupal installation, you need to update it immediately.

A dangerous Drupal flaw could leave your site completely compromised if you don't patch the flaw immediately.

Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site.

The bug affects all sites running on Drupal 8, Drupal 7, and Drupal 6. Drupal's project usage page indicates that about a million sites are running the affected versions.

https://it.slashdot....acked-by-any-visitor

• https://it.slashdot....acked-by-any-visitor
• http://www.zdnet.com...cked-by-any-visitor/
• https://www.drupal.org/sa-core-2018-002
• https://groups.drupa...ecurity/faq-2018-002

[ayryq]

Ugh I hate updating Drupal. It's so fraught... after backing up you're supposed to:

Delete all files except the Sites folder and any files such as ".htaccess" and "robots.txt" that have been customized. (This assumes any contributed modules, custom themes etc. That you use are in the sites directory)

I cringe when I hit that delete key.

Did it last night though since it seems to be a very serious vulnerability.