How to restore a Drupal website after the site has been hacked

Roll back to a server backup (files and database) from before October 15th, 2014.

No server backup?

  1. Run "git status" to find new and modified files.
    • Delete new files
    • Checkout modified files
  2. Thoroughly check files directory for anything unusual.
  3. Make sure the .htaccess file in the files directory restricts code execution
  4. Restore database from pre Oct. 15th backup
  5. Update Drupal Core to latest release

... Read on for details...

I think I might have been hacked. What do I do?

Hi, this is Brian Lewis with Modules Unraveled.

As you probably already know, there was a huge security fix released for Drupal 7 on October 15th (SA-CORE-2014-005). The patch to update Drupal is actually quite small, but the implications of not updating your site are massive. As a matter of fact, if you haven't already updated your site, chances are you have already been hacked. There were automated programs systematically attacking Drupal sites hours after the fix was released. In this video I'm going to show you how to find out whether or not your site has been hacked. And if so, I'll walk you through what you need to do now, to reduce the damage done.

There are two ways to find out whether your site has been hacked: with "git status" and by searching the database.

  • Run "git status" inside Drupal root
    • This will show us any files that have been modified since our last commit. On the live server, there shouldn't be any, so anything listed here, I know is a result of being hacked.
    • This is a huge reason you should be using version control on your site. If you're not, you can try to re-download every module, theme and library you have and download a fresh copy of the version of Drupal core that you had before the attack and replace all of those on your server. I'm hesitant to recommend this as a full fix though, because there may be hidden files, or files in places you don't think to look. Really, my recommendation is a full re-install. If you're in this situation, I'm sure you don't want to hear that, but I hope this gives you a reason to look into Git.
  • Search for "file_put_contents" in database
    • If there is a result, you've been hacked.
    • Click "Browse".
    • Click the "BLOB" link under "access_arguments". This should download a file to your local machine.
    • Open that file with a text editor.
    • Notice that only one file is listed. There may be others that need to be deleted.
  • If there are no extra files in your Git repo, and no results in the database search, you're not hacked. Update Drupal Core now! Or at least do the hotfix mentioned here as a temporary measure.
  • Delete/checkout all files listed by "git status". (Also check your files directory. The files directory should not be in Git, which means there's no easy way to view new and modified files there, even though files could have been placed in it. By default, the .htaccess file that is in that directory prevents PHP code from being executed, but Michael said he has seen an attack that modified that .htaccess file. So, you need to check your site.)
  • Restore Database (Otherwise thoroughly check Users, Node, etc.)
  • Install latest Drupal Core update
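
One way to carry out the files-directory check described above, as an added example (not code from the original article or from Drupal): a shell script that lists PHP-type files under the files directory and checks that its .htaccess still restricts execution. The function names and the extension list are assumptions, and the `Drupal_Security_Do_Not_Remove` handler name it looks for is the placeholder Drupal 7 core writes into that file, not something quoted on this page.

```shell
#!/bin/sh
# Added example: audit a Drupal files directory after a suspected compromise.
# Function names and the extension list are assumptions, not Drupal tooling.

# List files the web server could run as PHP. Nothing in an uploads
# directory should match; extend the patterns to fit your server's handlers.
find_code_files() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) -print | sort
}

# Succeed only if DIR/.htaccess has active (uncommented) handler directives
# and every one of them is Drupal's placeholder handler.
htaccess_restricts_exec() {
    [ -f "$1/.htaccess" ] || return 1
    handlers=$(grep -Ei '^[[:space:]]*(SetHandler|AddHandler|AddType)[[:space:]]' "$1/.htaccess" || true)
    [ -n "$handlers" ] || return 1
    ! printf '%s\n' "$handlers" | grep -Eviq 'SetHandler[[:space:]]+Drupal_Security_Do_Not_Remove'
}

# Apache also applies .htaccess files found in subdirectories, so list any
# that sit below the top-level one for manual review.
find_nested_htaccess() {
    find "$1" -type f -name '.htaccess' ! -path "$1/.htaccess" -print | sort
}

# Print findings; return 0 when clean, 1 when anything needs attention.
audit_files_dir() {
    dir=$1
    status=0
    if htaccess_restricts_exec "$dir"; then
        echo "OK: $dir/.htaccess only uses Drupal's placeholder handler"
    else
        echo "FAIL: $dir/.htaccess is missing, altered, or has no active handler"
        status=1
    fi
    findings=$(find_code_files "$dir" | sed 's/^/SUSPECT: /'
               find_nested_htaccess "$dir" | sed 's/^/REVIEW: /')
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        status=1
    fi
    return "$status"
}

# Run from the Drupal root, e.g.: sh audit.sh sites/default/files
if [ "$#" -gt 0 ]; then
    audit_files_dir "$1"
fi
```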

Recap:

  1. Run "git status" to find new and modified files.
    • Delete new files
    • Checkout modified files
  2. Thoroughly check files directory for anything unusual.
  3. Make sure the .htaccess file in the files directory restricts code execution
  4. Restore database from pre Oct. 15th backup
  5. Update Drupal Core to latest release

Updates:

  1. Drupal security team member Greg Knaddison (greggles) wrote up a great guide on what to do when you get hacked. He includes things I didn't mention like making a forensic copy of your site to inspect later, and notifying site stakeholders. You can read that here.