Drupal, a platform used by many popular websites, has been shown to have a critical vulnerability that lets attackers hijack the server.
A vulnerability that allows hackers to hijack the server
A critical vulnerability known as Drupalgeddon2 (tracked as CVE-2018-7600) was found in versions 6 to 8 of Drupal. The vulnerability allows attackers to execute code remotely and take complete control of the site. More specifically, it lies in the Form API in Drupal core: an unauthenticated attacker can inject and run code through parameters in the website's URL.
Result analysis in Vietnam
After scanning, CyStack found that over 500 of the 1,000 Drupal websites in Vietnam it scanned are still running a Drupal version with the vulnerability. These include many important websites belonging to banks, technology groups, universities and government bodies. This is not the final number, since there are many more Drupal websites in Vietnam, and Drupalgeddon2 is easy for hackers to exploit to hijack websites.
A method for administrators to check for the vulnerability
Detection of Drupalgeddon2 is included in the newest version of CyStack Platform (1.1.8). Website administrators can register and start scanning their websites for vulnerabilities and malicious code for free at https://app.cystack.net.
A guide to resolving the issue
Drupal has already released patches and updates for this vulnerability:
For version 7.x, upgrade to Drupal 7.58
For version 8.5.x, upgrade to Drupal 8.5.1
For version 8.3.x, upgrade to Drupal 8.3.9 or apply Drupal's patch
For version 8.4.x, upgrade to Drupal 8.4.6 or apply Drupal's patch
If you cannot install a new version, you can apply the patches manually from https://www.drupal.org/sa-core-2018-002 or contact CyStack Security for support.
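As an added example (not CyStack's scanner or any Drupal project code), the Python helper below applies the fixed releases listed above to an inventory of Drupal version strings and reports which sites still need the advised upgrade. It assumes that a branch not named in the list (Drupal 6 and 8.x branches before 8.3) has no fixed release, that 8.x branches after 8.5 shipped with the fix, and the hostnames in the sample inventory are constructed placeholders.

```python
import re

# Fixed releases named in the advisory (SA-CORE-2018-002), keyed by branch.
FIXED = {(7,): (7, 58), (8, 3): (8, 3, 9), (8, 4): (8, 4, 6), (8, 5): (8, 5, 1)}

def parse_version(text):
    """'8.5.0-rc1' -> ((8, 5, 0), True); the flag marks a pre-release suffix."""
    m = re.match(r"^\s*(\d+(?:\.\d+)*)(-[0-9A-Za-z.]+)?\s*$", text)
    if not m:
        raise ValueError(f"unrecognised Drupal version: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) is not None

def fixed_release_for(version):
    """Fixed release for this version's branch, or None when the list above
    names none (assumption: Drupal 6 and 8.x before 8.3 have no fixed release)."""
    nums, _ = parse_version(version)
    if nums[0] == 7:
        return FIXED[(7,)]
    if nums[0] == 8:
        return FIXED.get(nums[:2])
    return None

def is_vulnerable(version):
    nums, prerelease = parse_version(version)
    if nums[0] >= 9 or (nums[0] == 8 and nums[:2] > (8, 5)):
        return False  # assumption: branches released after the fix
    fixed = fixed_release_for(version)
    if fixed is None:
        return True   # affected branch with no fixed release
    # A pre-release of the fixed version (e.g. 8.5.1-rc1) predates the fix.
    return nums < fixed or (nums == fixed and prerelease)

def triage(inventory):
    """inventory: list of (host, version); returns (host, version, advice)
    for each site still on a vulnerable release."""
    rows = []
    for host, version in inventory:
        if is_vulnerable(version):
            fixed = fixed_release_for(version)
            advice = (".".join(map(str, fixed)) if fixed
                      else "no fixed release for this branch; move to a supported branch")
            rows.append((host, version, advice))
    return rows

# Constructed sample inventory; the hostnames are placeholders, not real sites.
SAMPLE = [("site-a.example", "7.57"), ("site-b.example", "8.5.1"),
          ("site-c.example", "8.4.5"), ("site-d.example", "6.38"),
          ("site-e.example", "8.2.7"), ("site-f.example", "8.6.0")]
```

Running `triage(SAMPLE)` lists site-a, site-c, site-d and site-e with the upgrade each needs; feed it the version strings from your own inventory instead.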
For websites that have already been hijacked or injected with malicious code, administrators can use the Responding function (Malware Scanning) in CyStack Platform to recover the site.