Drupalgeddon2 exists in more than 115,000 websites

Drupalgeddon2 vulnerability still exists in many websites around the world. More than 115,000 websites are risked being hacked with Remote Code Execution (RCE), hijacking, backdoors inserting, malicious codes through this vulnerability. Drupalgeddon2 was announced almost two months ago Drupalgeddon2 exists in more than 115,000 websites  

Drupalgeddon2 (CVE-2018-7600) exists in the versions of Drupal 6 to 8. The vulnerability allows attackers to execute code remotely to take complete control of the site. The flaw lies in Drupal Form API feature in Drupal core; the hacker can insert and run RCE without authentication, through the parameters in the URL of the website.

A security expert has performed scans on nearly 500,000 websites using Drupal 7 worldwide. The result is more than 115,000 websites have not been updated with patches. The websites with Drupalgeddon2 are likely to be hacked, seized control and inserted malicious code in any time. Hackers have attacked many websites and inserted malicious code to mine crypto-currency; this malicious code embed Coinhive (Monero JavaScript Mining) in websites, utilizing computing resources of users when accessing the website to mine virtual Monero money for hackers via JavaScript code. drupalgeddon2 vulnerable

Results analysis in Vietnam

In the 2nd test, CyStack detects 379 Drupal websites in Vietnam (equivalent to more than 32.6%) that have not fixed this vulnerability. Among these are many important websites of businesses in e-commerce, banking, startups, technology corporations, state agencies in Vietnam. Results-analysis-in-Vietnam

Solution for website management

After the release of Drupalgeddon2, CyStack Platform has updated its vulnerability scanning and detection capabilities. In addition, CyStack Platform has the ability to both malicious codes digging virtual money on the website. This is a platform developed on the SaaS model, anyone can use through a simple Web interface. Sign up at https://app.cystack.net/register   drupalgeddon2 vulnerability  

Patch update for Drupalgeddon2

Currently Drupal has released patches and a new update for this vulnerability. Specifically, with version 7.x you need to upgrade to Drupal 7.58, with version 8.5.x you need to upgrade to Drupal 8.5.1. Version 8.3.x and 8.4.x should upgrade to 8.3.9 and 8.4.6, or using Drupal’s own patch. In case you cannot install the new version, administrators can update the patch manually under Drupal guidance.

How to fix the hack

For website that have been hacked, seized control, inserted backdoors and malicious codes, administrators can use the Website Malware Removal (Responding) in CyStack Platform. This feature allows detecting malicious codes and support cleaning your website. Hack your website before Hacker do. Get an account: https://app.cystack.net/register