Drupal 7.32 was released on October 15th to fix a critical security vulnerability. All Drupal 7 sites on sites.stanford.edu and people.stanford.edu were upgraded that day. On October 29th, a further Public Service Announcement was released, detailing the severity of the vulnerability and steps to take if you believe that your Drupal 7 site may have been compromised.
Given this recent PSA, we are continuing to audit all sites on the Stanford Sites platform in coordination with the Information Security Office (ISO).
If you have questions about your Drupal 7 website at Stanford and would like further information about how the vulnerability may affect you, please submit this form, and University IT will contact you to help.
Q: Do you have recommendations on how a site owner should investigate this problem for Drupal 7 sites not hosted on sites.stanford.edu or people.stanford.edu?
A: Yes, though the answer is complex. The most thorough process for investigation and remediation is detailed in the flowchart "Your Drupal Website Has a Backdoor".
Please note that if you did not upgrade your website on October 15, simply upgrading to Drupal 7.32 now may not be enough. You may need to take additional steps to look out for signs your website has been compromised.
Q: The PSA says that "Attackers may have copied all data out of your site." Does this include the database access info in the settings.php file?
A: Unfortunately, yes. The vulnerability that was announced (and patched) on October 15th allows an attacker unfettered access to your Drupal codebase, files, and database.
What to do now
Every content management platform requires regular maintenance and security upgrades, and there are several options available to you for help.
First, know where your website is hosted, what version of Drupal you are using, and when it was last upgraded. If you need help answering these questions, please contact University IT by submitting this form, and we will be happy to assist.
Next, if you know that your Drupal 7 website is not hosted on Stanford Sites and it is not yet upgraded, please do the following ASAP:
- Take immediate steps to upgrade, or contact your web developer to do so.
- Watch for signs of a compromised site, or submit this form to request University IT help with monitoring.
- Your Drupal Site Got Hacked - Now What?
Thank you for taking these important steps to ensure the security of your websites for Stanford University.