[BlueOnyx:21973] Drupal - ditch it!

Michael Stauber mstauber at blueonyx.it
Mon Apr 23 17:09:06 -05 2018


Hi all,

I'll probably be preaching to the choir on this list, but I'll say it
anyway:

If you're running Drupal on any Vsite on your server then you should
consider suspending or deleting that Vsite right now.

If it's a paying customer, ask him to get his own server. Preferably
elsewhere.

How complicated is it to turn a Drupal 7 instance into a crypto miner
that uses 90% of the server's CPU power?

A *single* POST request via the web.

Please let that sink in.

And yes, by now there are botnets spreading the infection like wildfire.

Still think it's a good idea to run something on your server that has
such a terrible track record as Drupal has? They will *NEVER* get
security right. Not in a million years. Forget it.

The vulnerability I'm talking about is this one:

https://www.drupal.org/sa-core-2018-002

https://thehackernews.com/2018/04/drupal-cryptocurrency-hacking.html

https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know

But it's just *one* in a long list of similar happenstances. So,
seriously: Ditch it. Burn it with fire and nuke it from orbit.

What about the latest version of Drupal? Forget that as well. Because
your users won't update their Drupal installs and neither will you.
Because if it's a pain in the gluteus maximus to update, nobody will.
And sadly: That says as much about Drupal as their long and shitty
security track record, which go hand in hand there.

/rant mode off. ;-)

And yes: I just had to clean up a BlueOnyx that was hacked that way.
Writing the forensic report on it took longer than the actual cleanup,
though. \o/

-- 
With best regards

Michael Stauber


