Drupalgeddon2 vulnerability still exists in many websites around the world. More than 115,000 websites are risked being hacked with Remote Code Execution (RCE), hijacking, backdoors inserting, malicious codes through this vulnerability. Drupalgeddon2 was announced almost two months ago
Drupalgeddon2 exists in more than 115,000 websites
Drupalgeddon2 (CVE-2018-7600) exists in the versions of Drupal 6 to 8. The vulnerability allows attackers to execute code remotely to take complete control of the site. The flaw lies in Drupal Form API feature in Drupal core; the hacker can insert and run RCE without authentication, through the parameters in the URL of the website.
Results analysis in Vietnam
In the 2nd test, CyStack detects 379 Drupal websites in Vietnam (equivalent to more than 32.6%) that have not fixed this vulnerability. Among these are many important websites of businesses in e-commerce, banking, startups, technology corporations, state agencies in Vietnam.
Solution for website management
After the release of Drupalgeddon2, CyStack Platform has updated its vulnerability scanning and detection capabilities. In addition, CyStack Platform has the ability to both malicious codes digging virtual money on the website. This is a platform developed on the SaaS model, anyone can use through a simple Web interface. Sign up at https://app.cystack.net/register
Patch update for Drupalgeddon2
Currently Drupal has released patches and a new update for this vulnerability. Specifically, with version 7.x you need to upgrade to Drupal 7.58, with version 8.5.x you need to upgrade to Drupal 8.5.1. Version 8.3.x and 8.4.x should upgrade to 8.3.9 and 8.4.6, or using Drupal’s own patch.
In case you cannot install the new version, administrators can update the patch manually under Drupal guidance.
How to fix the hack
For website that have been hacked, seized control, inserted backdoors and malicious codes, administrators can use the Website Malware Removal (Responding) in CyStack Platform. This feature allows detecting malicious codes and support cleaning your website.
Hack your website before Hacker do. Get an account: https://app.cystack.net/register