Drupageddon Morning o' Code


Forsythe Hall, Rm. 246

"Drupageddon" is a Drupal security vulnerability announced on October 15th, 2014.

This will be a working brown-bag session offering help with upgrading and/or auditing your Drupal 7 site for effects of this vulnerability.

See https://www.drupal.org/PSA-2014-003 and https://www.drupal.org/SA-CORE-2014-005 for more information.

Steps to take

  • Upgrade to Drupal 7.32
  • Run Drush drugtest
  • Change the MySQL password
  • Change the server password
  • Revoke public keys
  • git diff Drupal
  • Check logs
  • Check if the PHP module is enabled

At risk

  • Drupal data (files, database, code)
  • MySQL data
  • Server data
  • Passwords
  • Email addresses

Drush tools

  • gdo.to/drupalgeddon
  • gdo.to/registry_rebuild

Last modified Mon, 3 Nov, 2014 at 13:04