Critical Drupal Vulnerabilities Announced: Update Now.
A critical vulnerability is being exploited in Drupal, a popular Content Management System (CMS), since April 2018. If you run a Drupal website, please update it immediately.
About Drupal’s Critical Vulnerabilities: CVE-2018-7602 and CVE-2018-7600
Both vulnerabilities are rated Highly Critical. Hackers can exploit these vulnerabilities to gain complete access to your website and hosting account. All modern versions of Drupal are affected including Drupal 6, 7 and 8.
Information about both vulnerabilities are available on Drupal's website:
How can I secure my Drupal website?
Please update your Drupal installation to the latest available version. The upgrade process may depend on your current Drupal version and may require a developer's or technician's intervention.
Before You Update
Always back up your current installation, including files and database, before any important update.
What else can I do to protect myself?
Drupal reports that "this vulnerability [CVE-2018-7602] is being exploited in the wild." which means that there are known cases of this vulnerability having been already exploited in production environments by hackers.
This is worrying as your website could potentially be compromised without any obvious signs. More worrisome is that hackers often wait up to a year to activate the malicious code so that patches and backups are limited in their effectiveness.
WHC's SiteSafe Protection service can be used to perform a deep scan to identify any compromised installations and clean them, as well as identify hidden vulnerabilities. To facilitate and encourage its adoption, Web Hosting Canada users can benefit from a 20% discount on SiteSafe Protection this month. Use the code DRUPALSITESAFE20 when ordering to automatically receive the discount.
The Team at WHC
Also on the WHC Blog
cPanel on iPhone: Hosting Management on the Move
As of 2019, cPanel appears to have discontinued the iPhone and Android cPanel App support. The content of this article may no longer be accurate. Don’t wait till you get to a computer to modify your website, emails...Read full article
Domain Name Slamming: Protect Yourself
As we’ve explored in our previous article about new privacy regulations coming into force in Europe, security concerns are growing around the world. Closer to home, scams involving domain names are not new, but have been...Read full article
How can we help?
WHC Live Chat
As the number of communications has significantly increased due to the August 28 incident, response time is impacted. We have prepared an FAQ where you can find most answers on the situation and how-tos on restoration.See the FAQ I'm patient, chat now Follow the evolution of the situation
How can we help?Our experts are available 24/7
Our friendly customer service team is available right now.