Dangerous Exploit Threatens Drupal Sites
A newly discovered exploit dangerous enough to be dubbed 'Drupalgeddon2' has network administrators around the world working overtime to protect their systems. The exploit is a remote code execution vulnerability related to the highly critical SA-CORE-2018-002 vulnerability announced by Drupal back in March.
According to a security advisory released by Drupal on 25th April, the vulnerability is still being exploited in the wild. They recommend all Drupal users running version 7 or 8 upgrade right away. Users of 7.x should immediately upgrade to 7.59; users of version 8.5x should upgrade to 8.5.3 while 8.4x users should upgrade to 8.4.8.
Drupal advises users unable to upgrade at the current time to apply the appropriate patch instead. Developers have released patches for both 8.x and 7.x. At the very least, Drupal core will have to be updated, but it is recommended that modules be updated as well. Please note that the patches only work on sites to which the original SA-CORE-2018-002 fix from March has been applied.
The Fear Is Real
Drupal developers labelled this latest threat as 'highly critical' due to the damage it could wreak across the internet. If you run Drupal or you are a site administrator with Drupal sites on your network, this vulnerability is something to worry about. The fear is real.
According to a 20th April report from Ars Technica, there are at least three known attack groups already exploiting Drupalgeddon2. The vulnerability was given its name due to its similarity to another Drupal vulnerability back in 2014. Sites that have not yet been patched and/or upgraded could be compromised to the extent of exposing entire servers through an unprotected URL. Attackers do not need any kind of account on the server to get in, inject an exploit code, and then run it.
Though Drupalgeddon2 is extremely serious and should be taken as such, this latest security attack is by no means new. Late in 2017, Canadian e-commerce platform Shopify was made aware of a critical security vulnerability that could have exposed untold numbers of online stores running the platform. Shopify developers were so eager to get the vulnerability fixed that they ended up paying a bounty hunter more than $15,000 to track down the mechanism behind the vulnerability and then test their fix.
There Is a Better Way
Unfortunately, web development Platforms like Drupal, WordPress, and Shopify are especially vulnerable to security risks. Over the last few years there have been multiple high-profile instances of:
WordPress DDoS attacks
OpenSSL vulnerabilities
incorrectly configured shared servers
weak password protection
poor server planning by network architects
poor hacking and penetration testing.
Some of the biggest offenders are content management systems that rely heavily on the use of plugins or extensions to add functionality. Because plugins and extensions are created by third parties who do not necessarily put the time and effort into maintaining security, any site using them is a vulnerable site. There is a better way, though.
Siteglide offers secure, stable, hosting excellence with no plugins to worry about. In fact, stability and security are the cornerstones of Siteglide service. Siteglide is built and maintained by the same developers from end-to-end. As such, it completely avoids the fragmented build model which is so typical with other platforms.
If you are running Drupal 7 or 8, consider your site already compromised if you have not yet patched and/or upgraded. Take appropriate action to disinfect your site right away. And if you are using Drupal, WordPress, Shopify, or any other platform based on the fragmented build model, perhaps it is time to think about switching to Siteglide?
