2014-10-30

On October 15 (the same day as we announced the POODLE vulnerability), Drupal announced an SQL injection vulnerability in version 7.x of Drupal core. On October 29, the Drupal project released this Public Service Announcement.

In summary, within hours of the SQL injection announcement, automated attacks started showing up in the wild, compromising Drupal sites that had not been patched. Some of the attackers have been patching sites they compromise to help them keep control in their own hands. The Drupal project is recommending that any site not patched “within hours” of the October 15 announcement be considered compromised. They recommend a number of steps, including restoring the site from backups made prior to the 15th, and keeping the site offline until it has been patched.

IT Security recommends: Drupal site admins should review the information from the Drupal project. If you are running version 7.x and did not patch to version 7.32 on October 15, you should review the PSA and take their advice seriously: rebuilding from backups and patching are the only ways to be sure of your security. We are not currently aware of any compromised Drupal sites at UW-Madison, but IT Security will increase our monitoring activities and begin scanning for Drupal sites on campus that are visible from the internet. We will post updates as we learn more.

References:

Drupal Security Advisory
Drupal PSA
Drupal FAQ

Some tools to possibly determine if your site has been compromised (Note: IT Security has not tested these tools):

Drupalgeddon
Drupal Project Hacked

The post New vulnerability: Drupal Project PSA appeared first on DoIT.