Article ID: 123355, created on Oct 30, 2014, last review on Oct 31, 2014

  • Applies to:
  • Plesk Automation

Information

Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection.

You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.

Simply updating to Drupal 7.32 will not remove backdoors.

Resolution

NOTE: It is strongly advised to change all the passwords for the application instance.

If you have backup created before Oct 15th, 11pm UTC:

  1. Go to Websites & Domains > Backup Manager and restore virtual host content and database.

  2. Update Drupal installation to version 7.32:

    a. If Drupal is installed as an Plesk application, go to Subscriptions > Applications > Manage My Applications and click on "Update avaliable" button, see screenshot:

    b. If Drupal is installed not through Plesk application vault, but manually, follow Drupal upgrade guide.

    Note: If you are unable to update to Drupal 7.32 you can apply this patch to Drupal's database.inc file to fix the vulnerability until such time as you are able to completely upgrade to Drupal 7.32.

If you have no backup:

Follow the steps that are described in the "Recovery" section of the following Drupal site.

e0aff7830fa22f92062ee4db78133079 caea8340e2d186a540518d08602aa065

Email subscription for changes to this article
Save as PDF