All Drupal 7 websites are compromised says advisory


Are you using the Drupal open source content management platform for your website? Then this serious bug alert sounded by the Drupal authorities is for you.

Time and again, mischief mongers paralyze websites with their nefarious activities, and this has been a persistent curse for open source software installations. The solace is that the developers of this software are quick to alert end-users about the hacking and to recommend suitable corrective action. See the present one below.

The news is that some 12 million websites all over the world have been attacked by hijackers through a bug that was discovered on 15th October in Drupal Core CMS versions 7.x. The SQL injection vulnerability, which vested interests have been exploiting in automated attacks, was found by a German security firm that an end-user had asked to check for vulnerabilities.

The attacks targeted all Drupal sites running 7.x versions earlier than 7.32. The vulnerability is described as follows: a remote, unauthenticated attacker can inject SQL queries, spread malicious software and take complete control of the Drupal installation, including code execution.

The Advisory Notice from Drupal authorities says:
“Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement… You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, [which is] 7 hours after the announcement.”

Interestingly, a heated debate is going on among Internet experts, who point out that the vulnerability was sitting in plain view in Drupal’s public bug tracking database and somehow escaped the attention of the security team. The Drupal authorities maintain that the sheer volume of issues competing for the security team’s attention prevented it from being detected, since as of today there are 14,000 issues in Drupal’s core issue queue.
Whatever the case, the damage is already done. The Drupal open source CMF is generally used to manage web content, text, images and video. One estimate says some 5.1% of the billion or so websites all over the world run a Drupal 7 installation.

According to the security warning issued by Drupal, users should have applied the patch within 7 hours of the security alert; if they did not, they have to “assume” that their site is compromised, without question. Any website running Drupal core version 7.x should immediately update to 7.32 or later.
But debugging experts say that even this update will not help if the attackers have already gained access through backdoors. They add that there may be no trace of the attack, and that the attackers may have copied all data from the affected sites and started using it maliciously.
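
The advisory's rule applied to an inventory of sites, as an added example that is not part of the original article or of Drupal's own tooling. It assumes the core version is read from the `VERSION` constant in `includes/bootstrap.inc`, that the cutoff year is 2014 (the page gives only the day and time), and that update times come from your own deployment records; the site labels and sample data are constructed.

```python
import re
from datetime import datetime, timezone, timedelta

# Cutoff quoted in the advisory above: Oct 15th, 11pm UTC. The year is not on
# this page; 2014 is supplied here.
CUTOFF = datetime(2014, 10, 15, 23, 0, tzinfo=timezone.utc)
FIXED = (7, 32)
VERSION_RE = re.compile(r"define\(\s*'VERSION'\s*,\s*'([^']+)'\s*\)")

def core_version(bootstrap_text):
    """Return the VERSION string from includes/bootstrap.inc, or None."""
    m = VERSION_RE.search(bootstrap_text)
    return m.group(1) if m else None

def triage(bootstrap_text, updated_at):
    """Classify one site; updated_at is a timezone-aware datetime or None."""
    version = core_version(bootstrap_text)
    if version is None or not version.startswith("7."):
        return "out-of-scope"          # this triage covers Drupal 7 only
    m = re.fullmatch(r"7\.(\d+)", version)
    # Dev snapshots ('7.x-dev', '7.32-dev') do not prove the fix is present.
    if m is None or (7, int(m.group(1))) < FIXED:
        # A site that applied only the patch still reports the old version,
        # so this bucket needs a manual check of the patched file.
        return "fix-not-confirmed"
    if updated_at is None:
        return "assume-compromised"    # no evidence of an in-time update
    if updated_at.tzinfo is None:
        raise ValueError("updated_at must be timezone-aware")
    # Aware datetimes compare as instants, so local offsets are handled.
    return "updated-in-time" if updated_at < CUTOFF else "assume-compromised"

# Constructed inventory: (site label, bootstrap.inc fragment, update time).
EDT = timezone(timedelta(hours=-4))
INVENTORY = [
    ("site-a", "define('VERSION', '7.31');", None),
    ("site-b", "define('VERSION', '7.32');", datetime(2014, 10, 15, 17, 5, tzinfo=timezone.utc)),
    ("site-c", "define('VERSION', '7.32');", datetime(2014, 10, 15, 19, 30, tzinfo=EDT)),
    ("site-d", "define('VERSION', '7.34');", datetime(2014, 11, 20, 9, 0, tzinfo=timezone.utc)),
    ("site-e", "define('VERSION', '7.32-dev');", None),
    ("site-f", "define('VERSION', '6.33');", None),
]

def run(inventory=INVENTORY):
    """Return {site label: verdict} for every entry in the inventory."""
    return {name: triage(text, when) for name, text, when in inventory}

if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{name}: {verdict}")
```
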

The strongly recommended remedial action is to contact your webhost and professional website builders like immediately, and discuss with them the most suitable recovery solutions. Their professional experts are in a better position to get your website back on track, free from the compromise, by checking the entire server for malicious code or malicious activity.
Just don’t take chances: the damage is serious. If you need any help, please reach out to us at
