Drupal Flaw Compromised Millions of Websites

25 November 2014

Chicago: Today, about 38% of websites use one of the top-ten content management systems (CMS). The most popular, WordPress, is used by 61% of websites, Joomla by 8% and Drupal by 5%, according to a web technology tracking firm. Drupal 7, the recent version of Drupal, is used by nearly a million websites. Content management systems have become an increasingly popular target for attackers over several years. For example, attackers have used brute-force password guessing to gain control of web servers running a wide variety of content management systems.

Recently, the Drupal security team announced the discovery of a critical security flaw (SQL injection) that would let attackers steal data or compromise vulnerable sites. Nearly a million websites running the Drupal content management system had just a few hours to update their software, as websites were being compromised by the attack. Within just a few hours of the announcement, attackers had started attacking Drupal websites, which led to the compromise of several sites.

Systematic attacks were launched against a wide variety of Drupal websites in an attempt to exploit this vulnerability. The Drupal security group stated that sites running Drupal 7 that were not updated within seven hours of the bug being announced should be considered compromised.

Patching tends to be very slow because Drupal is used by many large companies. Sites of such large companies would take several days to apply a patch and would be unsafe if they are not protected by extra security. Unfortunately, it is not easy for the affected sites to recover from the breach. Web admins first have to take down the site, create a backup prior to the attack, clean the server software, reinstall it, patch Drupal, and then restore the software.

Security measures to handle such security flaws:

  • Make use of security solutions that mitigate automated attacks.
  • Detect and block attacks that target known vulnerabilities.
  • Use intelligence on malicious sources and apply it in real time.
  • Take part in a security community and share threat intelligence.

Security policies and solutions must be as automated as possible, as the attack volume is too high for humans to handle. Also, there will not be any advance warning of attacks.

Fortune Innovations Chicago has skilled developers with extensive experience in Drupal CMS development and customization. Get in touch with us today to take full advantage of our Drupal web development services.
