Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including a malicious file in each visitor’s session. It’s quite common for attackers to evolve their techniques and add new variations of hidden backdoors to make it harder to get rid […]
Tag Archives: Drupal Security
Hacked Website Report – 2016/Q3
Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented is based on the analysis of over 8,000 infected websites. This […]
Spotlight: How Softwear Systems Provides Drupal Security
In the early 1980’s Softwear Systems opened up as a custom software company in Chicago. Over the years, its founder Mitch Meyers, learned how to create and manage great websites. Today, the company focuses on providing effective Drupal web development for their clients. At one point, Softwear had a client who worked for a branch… […]
Hacked Website Report – 2016/Q2
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights and analysis performed by our Incident Response Team (IRT) and Malware Research Team (MRT). CMS Analysis Our analysis consisted of over 9,000 infected websites. The graphs below show a side-by-side… […]
Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005
It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highly critical SQL Injection (SQLi) vulnerability that allowed an attacker to arbitrarily execute SQL commands remotely, leading to potential privilege escalation issues and execution of PHP code on the server. The vulnerability… […]
Drupal SQL Injection Attempts in the Wild
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of Drupal 7.x. In our last post, we talked about the vulnerability and that we expected to see attacks starting very soon due to how severe and easy it was to […]