Drupalgeddon Redux

Tim Godfrey

On March 28 and April 25, 2018, Drupal released critical core updates affecting both Drupal 7 and Drupal 8.

This type of release and critical vulnerability are rare but not unprecedented in the world of Drupal. In fact, these recent, related vulnerabilities have been dubbed "Drupalgeddon 2". The original Drupalgeddon, in the fall of 2014, was equally bad, and Fuse IQ had the privilege to live through and resolve that exploit, including having to repair some client sites that were hacked.

While we mitigated serious damage during the original Drupalgeddon event, it was alarming and eye-opening for both us and our clients. It was no surprise that there would be vulnerabilities and security bugs in a software product, and hackers happy to exploit them, but the rapid and automated nature by which they were exploited was surprising. But the tech world keeps changing and evolving. Hacking, automation, CPU power, internet connectivity and artificial intelligence all combine to make our computing lives more enjoyable and more dangerous at the same time.

This time around, for Drupalgeddon 2, we were more prepared, as was the Drupal community as a whole. Fuse IQ, for its part, prepped for the announced update (though the Drupal security team wisely did not announce the nature of the vulnerability until the fix was released), and we immediately updated 22 of our client sites in record time! The rapid and automated nature by which websites are exploited means there can be no hesitancy when updating sites against critical hacks and widely publicized vulnerabilities.

Pantheon, one of our preferred hosting partners, wrote in a recent newsletter article that it "has blocked over 2.8 million attempted exploits. Last week, (we) were blocking over half a million exploit attempts a day". Yikes! This illustrates, in real-world terms, the importance of a high-quality hosting provider, frequent and regular backups, and keeping sites and servers up to date with the latest security updates. The time, cost and hassle of updating end up being much less than the cost and chaos of a hacked site.

If you have a Drupal site, or a WordPress site for that matter, that you haven't been keeping up to date, and your site is not hosted on a managed server, your site is at risk! Don't wait until tomorrow to address the issue... hackers won't!

