SOUTHFIELD, MI – Future Hosting, a managed VPS and dedicated server hosting provider, advises Drupal hosting clients who have not patched their site recently to check for signs of compromise or malware infection. Drupal sites that have not been patched against the “Drupalgeddon2” vulnerabilities may have already been compromised.
The Drupal project released a series of patches to fix a remote code vulnerability at the end of March. Further patches will be released on April 25 and sites should be upgraded when the new patches are available.
“Future Hosting is home to thousands of Drupal sites and we’re seeing a constant flood of attacks using this vector,“ said Maulesh Patel, VP of Operations of Future Hosting, “The attacks are so widespread that it is unlikely that any unpatched Drupal site on the web will escape being compromised.”
More than a million websites are based on Drupal. The vulnerability can be used to gain complete access to a Drupal site’s code and data by sending a payload to a known URL — a process that is easy to automate. Patched sites are safe, but unpatched sites are being hacked by automated botnets.
Hosting clients with sites based on Drupal 7 should upgrade to at least Drupal 7.58. Sites based on Drupal 8.5.X should be updated to Drupal 8.5.3. Patches have been released for Drupal 8.4, but earlier 8.X versions are unsupported. Patches are available for Drupal 6 via the Drupal 6 LTS project.
Future Hosting advises that Drupal sites that have not already been patched should be checked for the presence of malware using a reliable malware scanning tool.
About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan.