Article ID: 123356, created on Oct 30, 2014, last review on Oct 31, 2014

  • Applies to:
  • Operations Automation

Information

Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection.

You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.

Simply updating to Drupal 7.32 will not remove backdoors.

Resolution

NOTE: It is strongly advised to change all the passwords for the application instances.

If you have a backup created before Oct 15th, 11pm UTC:

  1. Restore the backup: go to the Customer Control Panel (CCP), click More Services > Backups, and restore the backup.

  2. Upgrade all Drupal application instances to version 7.32. In POA, this can be done with the following steps:

    a. Import the new APS application version into POA, if you do not already have it.

    b. Upgrade all instances of the Drupal application to version 7.32 using Bulk Application Upgrades.

    Note: If upgrading a particular application instance is not an option, it is also possible to apply the following patch to Drupal's database.inc file to fix the vulnerability.
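One way to confirm which instances still need step 2 or the database.inc patch, shown as an added example that is not part of the original article or of POA. It assumes the standard Drupal 7 layout (VERSION defined in includes/bootstrap.inc, the affected loop in includes/database/database.inc) and that the fix is the upstream one-line change to the loop in expandArguments(); the function names and the script name in the usage comment are hypothetical.

```python
"""Report whether Drupal 7 trees carry the SA-CORE-2014-005 fix (added example)."""
import re
import sys
from pathlib import Path

FIXED = (7, 32)  # first release with the fix, per the article
VERSION_RE = re.compile(r"define\('VERSION',\s*'(\d+)\.(\d+)")
# Loop header in expandArguments() before and after the upstream one-line fix
# (assumption stated in the lead-in).
VULN_RE = re.compile(r"foreach\s*\(\s*\$data\s+as\s+\$i\s*=>\s*\$value\s*\)")
PATCHED_RE = re.compile(
    r"foreach\s*\(\s*array_values\(\$data\)\s+as\s+\$i\s*=>\s*\$value\s*\)")


def drupal_version(root):
    """Return (major, minor) from includes/bootstrap.inc, or None if not found."""
    text = (Path(root) / "includes/bootstrap.inc").read_text(errors="replace")
    m = VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(root):
    """Return 'fixed', 'patched', 'vulnerable' or 'unknown' for one docroot."""
    try:
        version = drupal_version(root)
        db = (Path(root) / "includes/database/database.inc").read_text(
            errors="replace")
    except OSError:
        return "unknown"  # not a readable Drupal 7 tree
    if version is None or version[0] != 7:
        return "unknown"
    if VULN_RE.search(db):
        return "vulnerable"  # old loop present, whatever VERSION claims
    if PATCHED_RE.search(db):
        return "fixed" if version >= FIXED else "patched"
    return "unknown"  # neither form found; inspect by hand


if __name__ == "__main__":
    # Usage: python check_drupal.py /path/to/docroot [...]
    # 'fixed' and 'patched' only describe the code on disk now; they do not
    # show that the site was clean before the fix went in.
    results = {root: classify(root) for root in sys.argv[1:]}
    for root, state in results.items():
        print(f"{state:10} {root}")
    sys.exit(1 if "vulnerable" in results.values() else 0)
```

The script exits non-zero if any listed docroot is still vulnerable, so it can gate a bulk-upgrade run.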

If you have no backup:

Follow the steps that are described in the "Recovery" section of the following Drupal site.

Search Words

SA-CORE-2014-005

PSA-2014-003

CVE-2014-3704
