Drupal vulnerability

Linode Staff

I'm running Drupal and heard about the recent vulnerabilities. How can I secure my system and protect myself against these attacks? What signs should I look for when determining if my Linode has been affected?

1 Reply

The recent influx of attacks on Drupal servers is based on a vulnerability that dates back to a few years ago, but has more recently been leveraged into some pretty nasty attacks. Essentially the vulnerability allows attackers to execute code on your server remotely by accessing a particular URL and injecting a SQL query. Many of the attacks have involved injecting cryptocurrency miners, backdoors, and various other malware, as well as leveraging brute force attacks against other servers.

To secure your server you will need to sanitize or rebuild, then update Drupal using the latest official patches for your version.

To sanitize/clean your Linode, you can start off by installing and running ClamAV to identify and remove any malware it detects:

First Install ClamAV -> then run then following commands to update the malware database, run a scan, and remove the detected files:

# freshclam
# sudo clamscan -r -i /
# clamscan -r -i --remove / 

For additional info, check out the Linode ClamAV Guide

Installing and running RKHunter is also recommended:

# cd /tmp
# wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.6/rkhunter-1.4.6.tar.gz
# tar -xvf rkhunter-1.4.6.tar.gz 
# cd rkhunter-1.4.6
# sudo ./installer.sh --layout default --install
# sudo /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd
# sudo rkhunter --check

Review the log files generated by RKHunter in /var/log/rkhunter.log

The following section details which Drupal updates you should take for your version

For Drupal 6.x:

You'll want to install the SA-CORE-2018-002.patch from the following link:
Drupal 6.x Patch

For Drupal 7.x:

Upgrade to Drupal 7.59

For Drupal 8.4.x:

Upgrade to Drupal 8.4.8

For Drupal 8.5.x:

Upgrade to Drupal 8.5.3

Additional details on these patches can be found on Drupal's Security Advisories Page

For more information on the vulnerabilities themselves, Drupalgeddon2 and Drupalgeddon3


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct