29

The company I work for is currently maintaining some websites under an old (>1.5 years) version of Drupal, which has some well known vulnerabilities.

Yesterday we've found out somebody used them to inject php code into every single .php file on the machine. We've been discussing for hours about how to recover data, upgrade stuff, and maybe switch to something else. I've said jokingly "or we could put a find command in the crontab to sed away the php line they've injected!". Guess what we're doing now on our production servers?

Comments
  • 3
    To be fair that's awesome. I've dealt with hacked sites and no one has ever suggested anything like that. Simple and elegant. Did you close the vulnerability?
  • 2
    @cervantes01 Nope, no fixes or upgrades. Just a cron job which runs every hour...
  • 3
    @soulsuke Set up an inotify instead that listens for modifications and quarantines them until approved. Injected code can do a lot of damage in an hour.
  • 0
    @Godisalie A lot of damage? It's literally a miracle they didn't dump the db or compromise the whole machine. But I'm paranoid to think about that >.> As my boss said, wasting time on that is "not billable" >.>
  • 0
    I'm residing in the same environment it seems. Although I get it, money vs time is key.

    If you'd just let me fix this, you'll be ...

    *NO!*

    k.
  • 0
    Cleaning up the files is easy... That's why you have git... Just reset it all to latest commit...

    Plugging the security holes, that's something else obviously
  • 0
    @joykill Oooh, that's the fun part! The guy who manages those project does not use git because "the changes made via gui are saved in the db, not in the code, so i'll just dump that". We only have some tgz of a couple of site roots, and they are outdated. Because (same guy as before) "backups are useless, the server uses raid and we'll never havr data loss". I'm still laughing about that XD
Add Comment