[BlueOnyx:21975] Re: Drupal - ditch it!
Meaulnes Legler @ MailList
bluelist at waveweb.ch
Tue Apr 24 05:31:16 -05 2018
okaaay, I fortunately haven't installed it... :-p
Talking about CMS, I installed *Joomla* from the BlueOnyx Shop (Software Updates > Third Party Software > loupe), but afterwards, I don't know how to proceed...
I found a bunch of Joomla files in /home/webapps/joomla, but those aren't accessible from the web of virtual sites. And MySQL has to be configured, too.
Where can I get instructions?
Thank you and best regards
_~_
'¿')
`-´ Meaulnes Legler
Zurich, Switzerland
+41\0 44 260 16 60
On 24.04.18 00:09, Michael Stauber wrote:
> Hi all,
>
> I'll probably be preaching to the choir on this list, but I'll say it
> anyway:
>
> If you're running Drupal on any Vsite on your server then you should
> consider to suspend or delete that Vsite right now.
>
> If it's a paying customer ask him to get his own server. Preferably
> elsewhere.
>
> How complicated is it to turn a Drupal 7 instance into a crypto miner
> that uses 90% of the servers CPU power?
>
> A *single* POST request via the web.
>
> Please let that sink in.
>
> And yes, by now there are botnets spreading the infection like wildfire.
>
> Still think it's a good idea to run something on your server that has
> such a terrible track record as Drupal has? They will *NEVER* get
> security right. Not in a million years. Forget it.
>
> The vulnerability I'm talking about is this one:
>
> https://www.drupal.org/sa-core-2018-002
>
> https://thehackernews.com/2018/04/drupal-cryptocurrency-hacking.html
>
> https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know
>
> But it's just *one* in a long list of similar happenstances. So,
> seriously: Ditch it. Burn it with fire and nuke it from orbit.
>
> What about the latest version of Drupal? Forget that as well. Because
> your user won't update their Drupal installs and neither will you.
> Because if it's a pain in the gluteus maximus to update, nobody will.
> And sadly: That says as much about Drupal as their long and shitty
> security track record, which go hand in hand there.
>
> /rant mode off. ;-)
>
> And yes: I just had to cleanup a BlueOnyx that was hacked that way.
> Writing the forensic report on it took longer than the actual cleanup,
> though. \o/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20180424/cba5e509/attachment.html>
More information about the Blueonyx
mailing list