3 November 2014

Drupal has warned of a critical vulnerability in its Drupal 7 software, for which it issued a patch. If your website manager was unable to apply this patch immediately following the initial security advisory on 15 October 2014, Drupal’s advice is to assume your site has been compromised. Hackers began automatically attacking unpatched versions within hours of the issued advisory.

Drupal is a website Content Management System (CMS) used by millions of websites worldwide to manage webpages, text, images and other content.

Drupal issued an additional security advisory on 29 October outlining the attacks and recovery options in more detail. Drupal added that the attackers may have copied the data from your site, or that your site could be controlled by the attackers and used for other malicious activities.

You may not know your site has been compromised. It is possible for the attackers to create ‘backdoors’ or access points on your system, which can later be used to gain access to your site and data, after the patch has been applied—without your knowledge.

If you or your business has a website using the Drupal CMS, you should take immediate action to apply the patch and then evaluate further mitigation options. This could include restoring or rebuilding the site, forensic investigation, notification of the incident to associated parties and users, and other actions which will depend on your site and its function. Drupal’s advisory includes some recovery advice for this breach.

Drupal’s website also offers more general advice on recovering from a breach.

More information

Drupal’s original advisory.

Drupal’s additional advisory, including advice about attacks and recovery.

Drupal’s advice on being hacked.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.


Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] communications.gov.au
Web: www.staysmartonline.gov.au
You are receiving this message at the address [Email].
Update your profile preferences
If you no longer wish to receive this information, you can unsubscribe.

© 2013 Australian Government. All rights reserved

Connect with Stay Smart Online