Drupalgeddon let hackers hijack hundreds of Vietnamese websites

Drupal, a platform used by many popular websites, has been shown to have a critical vulnerability that lets hackers hijack the server.

A vulnerability that allows hackers to hijack the server

A critical vulnerability known as Drupalgeddon2 (tracked as CVE-2018-7600) was found in versions 6 to 8 of Drupal. It allows attackers to execute code remotely and take complete control of the site. More specifically, the vulnerability lies in the Form API in Drupal's core: without authenticating, a hacker can insert and run scripts through the parameters in the website's URL.

Analysis of results in Vietnam

CyStack's scan found that over 500 of the 1000 Drupal websites scanned in Vietnam are still running a Drupal version with the vulnerability. These include many important websites belonging to banks, technology groups, universities and the government, among others. This is not the final number, since there is a significant number of Drupal websites in Vietnam and Drupalgeddon2 is easy for hackers to exploit to hijack websites.

A method for administrators to check for the vulnerability

Detection of Drupalgeddon2 is already included in the newest version of CyStack Platform (1.1.8). Website administrators can register and scan their websites for vulnerabilities and malicious code for free at https://app.cystack.net.
CyStack Platform has included Drupalgeddon recognition in the newest version

A guide to resolving the issue

Drupal has already released patches and updates for this vulnerability:
  • Version 7.x users are advised to upgrade to Drupal 7.58
  • Version 8.5.x users are advised to upgrade to Drupal 8.5.1
  • Version 8.3.x users are advised to upgrade to Drupal 8.3.9 or apply Drupal's patch
  • Version 8.4.x users are advised to upgrade to Drupal 8.4.6 or apply Drupal's patch
  • If a new version cannot be installed, administrators can apply the patches manually from https://www.drupal.org/sa-core-2018-002 or contact CyStack Security for support.

For websites that have already been hijacked or injected with malicious code by hackers, administrators can use the Responding function (Malware Scanning) within CyStack Platform to recover their website.
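To triage many sites against the upgrade list above, the following added example (not CyStack's or Drupal's code) classifies version strings an administrator has already collected. The function names, status labels and sample inventory are assumptions made for illustration.

```python
import re

# Fixed release per branch, copied from the upgrade list above.
FIXED = {"7": (7, 58), "8.3": (8, 3, 9), "8.4": (8, 4, 6), "8.5": (8, 5, 1)}

def parse(version):
    """Split '7.57' or '8.5.0-rc1' into (numeric tuple, has pre-release suffix)."""
    m = re.fullmatch(r"(\d+(?:\.\d+){1,2})(-[0-9A-Za-z.]+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Drupal version: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2) is not None

def triage(version):
    """Classify one version string against the fixed releases in FIXED."""
    nums, prerelease = parse(version)
    if nums[0] not in (6, 7, 8):
        return "out-of-scope"      # the page covers versions 6 to 8 only
    branch = "7" if nums[0] == 7 else f"{nums[0]}.{nums[1]}"
    fixed = FIXED.get(branch)
    if fixed is None:
        return "no-fix-listed"     # e.g. 6.x or 8.2.x: consult the advisory
    # Assumption: a pre-release of the fixed version (-rc, -dev) predates the fix.
    if nums < fixed or (nums == fixed and prerelease):
        return "upgrade"
    return "patched"

def triage_inventory(sites):
    """Map {host: version} to {host: status}, tolerating odd version strings."""
    report = {}
    for host, version in sites.items():
        try:
            report[host] = triage(version)
        except ValueError:
            report[host] = "unparseable"   # needs a manual look
    return report

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = {
    "intranet.example": "7.57", "shop.example": "8.5.1",
    "blog.example": "8.4.5", "legacy.example": "6.38",
    "staging.example": "8.5.0-rc1", "old8.example": "8.2.7",
    "dev.example": "7.x-dev",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:18} {SAMPLE[host]:10} {status}")
```

A site fixed by applying Drupal's patch manually still reports its old version number, so an "upgrade" result for such a site needs confirming by hand.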