Updating drupal 6

The Drupal Security Team released a statement regarding my findings that questioned my methodology.

updating drupal 6-25

However, the list of sites has been shared with US-CERT and the Drupal Security Team.

If you represent a national CERT/CSIRT and can offer assistance notifying affected organizations, please contact me.

An important question was raised during my initial investigation — How many Drupal sites are vulnerable?

To find the answer, I began by looking for sites using Drupal 7.

This critical flaw is detailed in Drupal security advisory SA-CORE-2018-002 and has been assigned CVE-2018-7600.

Upon completion of the scan I was able to determine: Numerous vulnerable sites found in the Alexa Top 1 Million included websites of major educational institutions in the United States and government organizations around the world.

Cloudflare dropped upgraderservices[.]cf around PM UTC today. The site is now using a @letsencrypt SSL cert as well.

pic.twitter.com/hm Tzq SG3Tw — Bad Packets Report (@bad_packets) May 31, 2018 Once this was done, the hosting provider was revealed to be OVH.

In my previous post, I detailed a large cryptojacking campaign that affected hundreds of Drupal websites.

Tags: , ,