Apologies if you received this already.
---------- Forwarded message ----------
From: Bevan Rudge
Date: Thu, Oct 30, 2014 at 8:37 AM
Subject: [NZOSS-Openchat] Your Drupal website has a backdoor
If you administer a Drupal website or know anyone who does, please
make sure they see this:
Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003
The short version is; if a Drupal website was not patched within 7
hours of the announcement of Dupal-core-SA-2014-005 (aka Drupageddon)
on 16 October (NZ time), it probably has backdoors, and data should be
assumed to be compromised.
The only safe and certain recovery is to get a new server and restore
from backups from before that date.
In many ways this is worse than Heartbleed because it is so easy much
easier to exploit, and the attacker can get any data they ask for
(with Heartbleed, I believe an attacker didn't know what data they
were looking at) and control all of Drupal.
Most attacks seem to be installing backdoors for sending spam or
future amplification of other attacks. But there are many different
types of exploits, so assume anything and everything.
Sent from Auckland, New Zealand
Openchat mailing list
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
Ph. +64 (7) 858-5174