| 11 | | = |
| | 11 | = Find potentially vulnerable sites = |
| | 12 | |
| | 13 | Ross has made a list of all potentially vulnerable sites on hay (in /root/drupal-7-insecure-databases.txt). They are listed by mosh. In addition, there is a script (that was used to generate this list) in /tmp/find-drupal-7-pre-3.2 on each MOSH. You can re-run this script as often as you need to. |
| | 14 | |
| | 15 | This script finds databases that it thinks are Drupal 7 sites that are not running version 7.32. There are a lot of false positives (drupal databases that are no longer in use, etc). |
| | 16 | |
| | 17 | If you are an MF/PL admin, please check for sites on your MOSHes. |
| | 18 | |
| | 19 | = What to do = |
| | 20 | |
| | 21 | When you find a site, become the user that owns the site, cd into the web directory, and then search for all settings.php file: |
| | 22 | |
| | 23 | {{{ |
| | 24 | find . -name settings.php |
| | 25 | }}} |
| | 26 | |
| | 27 | Check each settings.php file that returns to ensure that the database named as compromised is not in use. |
| | 28 | |
| | 29 | If it is in use, use drush to upgrade the core software: |
| | 30 | |
| | 31 | {{{ |
| | 32 | drush up drupal |
| | 33 | }}} |
