Updating Drupal 6
The Drupal Security Team released a statement regarding my findings that questioned my methodology.
However, the list of sites has been shared with US-CERT and the Drupal Security Team.
If you represent a national CERT/CSIRT and can offer assistance notifying affected organizations, please contact me.
An important question was raised during my initial investigation — How many Drupal sites are vulnerable?
To find the answer, I began by looking for sites using Drupal 7.
This critical flaw is detailed in Drupal security advisory SA-CORE-2018-002 and has been assigned CVE-2018-7600.
Upon completion of the scan I was able to determine: Numerous vulnerable sites found in the Alexa Top 1 Million included websites of major educational institutions in the United States and government organizations around the world.
Cloudflare dropped upgraderservices[.]cf around PM UTC today. The site is now using a @letsencrypt SSL cert as well.
— Bad Packets Report (@bad_packets) May 31, 2018
Once this was done, the hosting provider was revealed to be OVH.
In my previous post, I detailed a large cryptojacking campaign that affected hundreds of Drupal websites.