Drupalgeddon2 Kicks Off

mlnews

CVE-2018-7600 or Drupalgeddon2 is a significant vulnerability in the Drupal Content Management System currently being attacked on a mass scale.

Drupalgeddon2 "is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses," Daniel Cid, CTO and founder of security firm Sucuri, told Ars. "Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can."

dafyre

@mlnews said in Drupalgeddon2 Kicks Off:

CVE-2018-7600 or Drupalgeddon2 is a significant vulnerability in the Drupal Content Management System currently being attacked on a mass scale.

Drupalgeddon2 "is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses," Daniel Cid, CTO and founder of security firm Sucuri, told Ars. "Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can."

Somebody here on ML posted a link about that, I think. We got a head of the curve on that one (and we have several Drupal servers here!).

dbeato

@dafyre said in Drupalgeddon2 Kicks Off:

@mlnews said in Drupalgeddon2 Kicks Off:

CVE-2018-7600 or Drupalgeddon2 is a significant vulnerability in the Drupal Content Management System currently being attacked on a mass scale.

Drupalgeddon2 "is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses," Daniel Cid, CTO and founder of security firm Sucuri, told Ars. "Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can."

Somebody here on ML posted a link about that, I think. We got a head of the curve on that one (and we have several Drupal servers here!).

That was me

dafyre

Has everybody else already patched their Drupal setups?

stacksofplates

@dafyre said in Drupalgeddon2 Kicks Off:

Has everybody else already patched their Drupal setups?

I auto patch mine with drush.

dbeato

@dafyre said in Drupalgeddon2 Kicks Off:

Has everybody else already patched their Drupal setups?

Well, a new customer we needed to patch it

dafyre

@dbeato said in Drupalgeddon2 Kicks Off:

@dafyre said in Drupalgeddon2 Kicks Off:

Has everybody else already patched their Drupal setups?

Well, a new customer we needed to patch it

Hopefully it has been patched before they got pwned.

dbeato

@dafyre said in Drupalgeddon2 Kicks Off:

@dbeato said in Drupalgeddon2 Kicks Off:

@dafyre said in Drupalgeddon2 Kicks Off:

Has everybody else already patched their Drupal setups?

Well, a new customer we needed to patch it

Hopefully it has been patched before they got pwned.

Yeah hopefully .