Drupal websites that had not patched seven hours after the disclosure on a "highly critical" SQL injection (SQLi) hole disclosed on 15 October are essentially hosed, the content management tool's developers say.
Source: The Register's DRUPAL-OPCALYPSE!
If you did not update your site within seven hours of the bug being announced, we consider it likely your site was already compromised," the team noted in asecurity announcement. Source: CMS WireHow many folks does this affect?
Drupal powers about 2.7 percent of the world's websites, behind only WordPress (47 percent) and Joomla (10.5 percent), according to BuiltWith, a website profiler tool. BuiltWith estimates 266,556 websites are currently using Drupal 7.What to do next...if you were hacked.
View my Flipboard Magazine.
Make Donations via PayPal below:
Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure