= Find potentially vulnerable sites =

Ross has made a list of all potentially vulnerable sites on hay (in /root/drupal-7-insecure-databases.txt). They are listed by MOSH. In addition, the script that was used to generate this list is in /tmp/find-drupal-7-pre-3.2 on each MOSH. You can re-run this script as often as you need to.

This script finds databases that it thinks belong to Drupal 7 sites that are not running version 7.32. There are a lot of false positives (Drupal databases that are no longer in use, etc.).

If you are an MF/PL admin, please check for sites on your MOSHes.

= What to do =

When you find a site, become the user that owns the site, cd into the web directory, and then search for all settings.php files:

{{{
find . -name settings.php
}}}

Check each settings.php file that is returned to ensure that the database named as compromised is not in use.

If it is in use, use drush to upgrade the core software:

{{{
drush up drupal
}}}
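The settings.php check above can be scripted. The following is an added example, not part of the original page or the script in /tmp: it assumes the installer-written Drupal 7 layout where `'database' => 'NAME'` sits on its own line, and the database names, directory names and the file name check-db.sh are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes the installer-style
# Drupal 7 layout where 'database' => 'NAME' sits on its own line.

# settings_using_db DBNAME [WEBROOT]: print every settings.php under
# WEBROOT whose active $databases entry names exactly DBNAME.
settings_using_db() {
    db=$1
    root=${2:-.}
    find "$root" -type f -name settings.php | sort | while IFS= read -r f; do
        # Anchoring at line start skips the commented-out samples that
        # settings.php ships with (those lines begin with " * ").
        if sed -n "s/^[[:space:]]*['\"]database['\"][[:space:]]*=>[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$f" \
            | grep -qxF -- "$db"; then
            printf '%s\n' "$f"
        fi
    done
}

# make_sample_tree: build a constructed web directory for trying the check.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sites/default" "$d/sites/old.example.org"
    cat > "$d/sites/default/settings.php" <<'EOF'
<?php
/**
 *   'database' => 'member_d7old',
 */
$databases = array (
  'default' => array (
    'default' => array (
      'database' => 'member_d7',
    ),
  ),
);
EOF
    cat > "$d/sites/old.example.org/settings.php" <<'EOF'
<?php
$databases['default']['default'] = array(
  "database" => "member_d7old",
);
EOF
    printf '%s\n' "$d"
}

# Run as: sh check-db.sh DBNAME [WEBROOT]   (hypothetical file name)
if [ $# -gt 0 ]; then settings_using_db "$@"; fi
```

No output means no settings.php under the web directory names that database on an active line, which points to one of the false positives described above. A settings.php that builds its database name dynamically or includes another file still needs a manual look.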