Compromised Drupal 7 Website Recovery Review

I was brought on board to help recover a website that was possibly exploited by hackers, a Drupal 7 project.  What triggered the investigation?  My client was informed that their customers were receiving spam emails from the website.

After a thorough review of the project's code base and database, I found multiple exploits and backdoors. All of the issues/exploits were within the Drupal core. None of the contrib or custom modules were exploited.

What was the cause? The website was compromised due to an outdated Drupal 7 core. With routine updates, this would not have happened. That is why it is important to keep up with website maintenance and security updates.
