Changes between Version 1 and Version 2 of drupageddon


Ignore:
Timestamp:
Oct 30, 2014, 1:41:41 PM (6 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • drupageddon

    v1 v2  
    99This page documents instructions for MF/PL support team members on how to check server for vulnerable sites.
    1010
    11 =
     11= Find potentially vulnerable sites =
     12
     13Ross has made a list of all potentially vulnerable sites on hay (in /root/drupal-7-insecure-databases.txt). They are listed by mosh. In addition, there is a script (that was used to generate this list) in /tmp/find-drupal-7-pre-3.2 on each MOSH. You can re-run this script as often as you need to.
     14
     15This script finds databases that it thinks are Drupal 7 sites that are not running version 7.32. There are a lot of false positives (drupal databases that are no longer in use, etc).
     16
     17If you are an MF/PL admin, please check for sites on your MOSHes.
     18
     19= What to do =
     20
     21When you find a site, become the user that owns the site, cd into the web directory, and then search for all settings.php file:
     22
     23{{{
     24find . -name settings.php
     25}}}
     26
     27Check each settings.php file that returns to ensure that the database named as compromised is not in use.
     28
     29If it is in use, use drush to upgrade the core software:
     30
     31{{{
     32drush up drupal
     33}}}