Drupal exploits? No sign yet of widespread attacks

The 'Highly Critical' vulnerability revealed two weeks ago was widely exploited just hours after it was announced. But there's no evidence yet of actual, widespread attacks.
Written by Larry Seltzer, Contributor

In a year filled with horrible security blunders we may have a winner for worst of the year with eight weeks still to go.

We knew two weeks ago when the Drupal team disclosed a really, really bad SQL injection vulnerability in Drupal 7 that it was important for admins to update quickly. We didn't know quite how quickly.

It turns out that "[a]utomated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement..." of the vulnerability, according to the team. They put it in the most dire terms: "You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement."

That's a lot of sites, potentially millions. Drupal claims a million users on its project site, drupal.org, and over 30,000 developers. Many prominent sites, including whitehouse.gov, use Drupal.

But over two weeks since the disclosure and over 12 hours since the announcement that automated attacks were quickly occurring, there's not a lot of evidence of #Drupalgeddon. I can't find any cries for help or other public evidence of mass breaches.

Chris Brookins, Sr. VP, Engineering at Acquia, which makes Drupal tools and operates and manages a large number of Drupal sites, says (in a comment to our most recent news story on the matter) that "[a]ll Drupal sites powered by Acquia Cloud were protected":

At Acquia, our Acquia Cloud PaaS manages tens of thousands of Drupal 7 sites. Every customer site powered by Acquia Cloud, even free sites, was protected against this vulnerability from the moment the security announcement went out. They all were protected even if a Drupal site owner did not patch their Drupal 7 site. You can read more about how and what we did at https://www.acquia.com/blog/shields, but every Acquia Cloud customer was able to rest knowing they were protected and not unbearable. Here is one example customer tweet in response to our efforts.

Perhaps the dire warning of widespread attacks was made from an abundance of caution?

We will update this story with any important developments.
