When you read news like this–about a complete compromise of a content management system like Drupal–you have to be grateful someone else is handling your web site:

Drupal websites that had not patched seven hours after the disclosure on a “highly critical” SQL injection (SQLi) hole disclosed on 15 October are essentially hosed, the content management tool’s developers say.

Source: The Register’s DRUPAL-OPCALYPSE! 

“If you did not update your site within seven hours of the bug being announced, we consider it likely your site was already compromised,” the team noted in a security announcement. Source: CMS Wire

How many folks does this affect?

Drupal powers about 2.7 percent of the world’s websites, behind only WordPress (47 percent) and Joomla (10.5 percent), according to BuiltWith, a website profiler tool. BuiltWith estimates 266,556 websites are currently using Drupal 7.

What to do next…if you were hacked.


Everything posted on Miguel Guhlin’s blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure
