Fwd: [NZOSS-Openchat] Your Drupal website has a backdoor

Apologies if you received this already.

Cheers, Peter

---------- Forwarded message ----------
From: Bevan Rudge
Date: Thu, Oct 30, 2014 at 8:37 AM
Subject: [NZOSS-Openchat] Your Drupal website has a backdoor

If you administer a Drupal website or know anyone who does, please make sure they see this:

Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003
https://www.drupal.org/PSA-2014-003

The short version is: if a Drupal website was not patched within 7 hours of the announcement of Drupal-core-SA-2014-005 (aka Drupageddon) on 16 October (NZ time), it probably has backdoors, and data should be assumed to be compromised. The only safe and certain recovery is to get a new server and restore from backups from before that date.

In many ways this is worse than Heartbleed because it is so much easier to exploit, and the attacker can get any data they ask for (with Heartbleed, I believe an attacker didn't know what data they were looking at) and control all of Drupal.

Most attacks seem to be installing backdoors for sending spam or future amplification of other attacks. But there are many different types of exploits, so assume anything and everything.

Cheers, Bevan/
http://Drupal.geek.nz
http://Twitter.com/BevanR
Sent from Auckland, New Zealand

_______________________________________________
Openchat mailing list
Openchat(a)lists.nzoss.org.nz
http://lists.nzoss.org.nz/mailman/listinfo/openchat

--
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ
http://www.cms.waikato.ac.nz/~fracpete/
Ph. +64 (7) 858-5174