Fix Hacked Drupal


Having problems with your Drupal-powered website? Has malicious software (malware) hacked or broken it? Read on for tips on how to fix those issues.

Drupal hacked? Fix it … Keep calm and move on

Drupal isn’t what you might think it is; it isn’t some fancy Victorian cough. As much as it can sound like one, it is in reality a very common content-management system that powers over 2.2 percent of websites around the world. It lets you build website content with ‘drag-and-drop’ features, with no coding skills required to make a successful website, and its popularity has risen as a result. As with WordPress and Magento, however, success of any kind comes with a price: hackers with malicious intent are increasingly seeking ways to compromise websites built on it and exploit them to their benefit.

I know what you’re thinking: why would any keyboard warrior or just bored tosser want to hack your site, with its tiny customer base trading in particular consumer products? Simple … because they’re tossers, with a sinister motive, and clearly nothing better to do. I’m kidding … there’s probably an explanation: some hackers are always searching for gaps or vulnerabilities in software, either to warn the people whose software they’ve compromised or to do something totally underhand.

Drupal as a content-management system is designed in such a way that the security mechanisms built into the codebase make it pretty stable, but this has its disadvantages too. Because so many sites share the same codebase, an exploit that is found is fairly easy to apply on a larger scale in attacks against Drupal sites. A fairly recent example of this was when an exploit was found in Drupal 7 that allowed a hacker to use SQL injection to insert malicious code into multiple Drupal-powered websites. It was named ‘Drupageddon’, indeed … Drupal crossed with the word Armageddon, cue the Aerosmith song about not wanting to miss anything, etc … ad infinitum. And there is, unfortunately, no Liv Tyler in this story.

So what do you do if you’ve been hacked and you’re at a loss as to how to fix it? Read on as I lead you through the steps.

Make a copy of the website

When you find out that you’ve been hacked, stop everything else that you’re doing and back up your Drupal site. Turning off your machine won’t fix this, and neither will pulling the network cable or switching off your router. With the emergence of cloud technology this is pointless unless you’re operating from a server in your home or company. Save this snapshot now on any storage media you want: a USB drive, a CD, or the cloud.

Roll back, or not?

Typically when you have a problem like this, your first thought is to ‘roll back’ your Drupal site to an earlier version. But this doesn’t answer the question of how you were hacked in the first place. In what way did the hacker get in? Will rolling back fix that? How would you restore your website anyway? These questions all need to be asked at this point. If you do roll back, you must also be confident that your website’s vulnerability has been patched and you’re no longer in danger.

Who can you talk to about this?

If you’re web-savvy, you may not need to look far for an answer. However, if you’re unsure, you can always ‘ask a friend’ who may be more adept with IT and web-app protection, or even contact us to get our expert assistance. This will allow us to walk you through your problems and give you advice on the best steps to take.

You may also talk with your web host. Although it is unlikely that they will have archives of your Drupal site older than 30 days, they will be able to advise you on alternatives and steps to take.

Taking the site down: is that going to help?

In certain cases, yes… taking your Drupal website offline helps you to ‘quarantine’ the hacking problem and then solve it in an ‘offline setting.’ This will warn the hackers you’re on to them, and they can change their attack as necessary. But taking it offline is the only way to mitigate these problems if your site receives spam or other harmful material.

If you’re not sure how far the hackers got, or what they would have had access to, change all of your cPanel / FTP passwords to new, safer ones.

For step-by-step instructions on how to modify this in Drupal, follow the steps directly here

Examine the origin and root cause of the issue

You’re now on a roll, and you should start figuring out just how those hacking bastards broke into your Drupal website. What made you aware of the hacking incident? What is the outcome of the hack? Focusing on the issue will help you find a way to close the hole that was exploited. Often these problems are caused by bots scanning websites for vulnerabilities, and an internet search will turn up the same problems encountered by other Drupal-powered websites.

If you’re still not sure exactly what it was, hire an expert to help you rectify the issue.

You can also search the OWASP Top 10 list of exploits / SQL injections to narrow this down further.

What now, and how do we keep it from happening again?

If your website has been hacked, you’ll need to search a database to see exactly where you were compromised. Let our super powers run silently in the background of your Drupal website to scan for and highlight potential problems:

  1. Download the exploit scanner HERE, which is easy to use. This generates a file unique to your site that will be downloaded to your computer.
  2. Upload this to your Drupal-powered site.
  3. Trigger the scanner, and allow it to search all the way through your files. It may have a small effect on the speed of the website, but in the long run it will solve the problems you have.
  4. After the scan we’ll tell you which files are compromised and which files can be manipulated, and provide you with a solution to any problems you might have with manipulation.
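
One way to run the same kind of check yourself, as an added example that is not the scanner mentioned above or any vendor's code: compare the live site against a clean copy of the same Drupal release and report files that were modified or added, PHP files in the upload directory, and files anyone on the server can write to. The function names, the sample trees and the `sites/default/files/` upload path are assumptions.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

UPLOADS = "sites/default/files/"  # assumption: Drupal's default public files directory

def manifest(root: Path) -> dict:
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def scan(live: Path, clean: Path) -> dict:
    """Compare the live docroot against a clean copy of the same Drupal release."""
    good, now = manifest(clean), manifest(live)
    report = {"modified": [], "added": [], "php_in_uploads": [], "world_writable": []}
    for rel, digest in now.items():
        if rel.startswith(UPLOADS):
            # User uploads are expected to differ; executable PHP there is not.
            if rel.lower().endswith((".php", ".phtml")):
                report["php_in_uploads"].append(rel)
        elif rel not in good:
            report["added"].append(rel)
        elif good[rel] != digest:
            report["modified"].append(rel)
        if (live / rel).stat().st_mode & stat.S_IWOTH:
            report["world_writable"].append(rel)  # any local account can rewrite it
    return report

def demo() -> dict:
    """Scan two small trees constructed for this example (not real Drupal files)."""
    base = {"index.php": "<?php // front controller",
            "includes/database.inc": "<?php // database layer"}
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        tampered = {**base,
            "includes/database.inc": "<?php // database layer, altered after release",
            "modules/user/cache.php": "<?php // file that is not in the release",
            UPLOADS + "logo.png": "constructed image bytes",
            UPLOADS + "thumb.php": "<?php // script sitting in the upload directory"}
        for root, files in ((clean, base), (live, tampered)):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
                os.chmod(root / rel, 0o644)
        os.chmod(live / "index.php", 0o666)  # constructed: one file left world-writable
        return scan(live, clean)

if __name__ == "__main__":
    for finding, paths in demo().items():
        print(f"{finding}: {paths}")
```

Run the scan against the snapshot you saved rather than the live server, so the evidence is not changed while you investigate.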

Nothing in life is ever easy, especially responding to unfortunate events such as being hacked and the possibility of having your customers’ personal information leaked to a horrible scumbag who wants to rob people of their funds or send unsolicited emails to your customer base.

If you’re unsure what to do after scanning your Drupal website, you may contact one of our experts, who can help you address any issues you might have and show you exactly how to delete the malware that has infected your website.