Are you the victim of drupal website hacked? If yes then this article may be useful for you to recover or secure your website so it will not happen again.
No doubt Drupal is the one of most secure, popular and powerful CMS. It provides a scalable, flexible platform for any organization to create user-friendly content management system. There are numbers of website running on this platform. however, there are some points which we could keep in mind to prevent this issue.
Causes the site been hacked:
1). Suppose we made the website a long time ago, and it is possible that the version has not security measures or modules to prevent it from. So hackers have a chance to hack it by various means.
2). In drupal, we failed to set a strong admin password. What separates the admin user from the rest of the web is a piece of alphanumeric text – the password. Weak passwords is a huge cause of security flaw as it can bypass all other security systems put in place by Drupal as if it were nonexistent.
3). The Drupal user permission system makes it extremely easy to manage user permissions and define user roles. However, this also means that unauthorized users might be given unnecessary permissions by oversight enabling unwanted or malicious users to gain access to the whole system.
4). Failure in reviewing user creation accounts, users should not be given the permission to create accounts as it is a potential security vulnerability. Malicious users can create an account and if authorized users are given unnecessary permissions in a Drupal website they can cause a malicious event to happen.
5). We are not updating the core and contributed modules to the latest version.
6). Not monitoring the status report in the drupal website. By doing this we could get overall what unwanted is happening in website.
7). It is an extremely bad practice to keep the backups in the web root or in subfolders which are directly accessible from the web. Because the backup files would normally have extensions that are not caught by .htaccess these files can potentially be available from the web. The security risk increases several folds if you keep dumps of the database right in the web folder itself.
Prevent drupal website from hacking
1). We should keep platforms and scripts up-to-date because, many of these tools are created as open-source software programs, their code is easily available to everyone both to good intentioned developers and malicious hackers. Hackers can easily find security loopholes that allow them to take control of your website by exploiting any platform or script weaknesses. Making sure we always have the newest versions of your platform and scripts installed minimizes the risk that you’ll be hacked in this way however this isn’t a “fail safe” way to protect our website.
2). We should install security modules when possible or when released by drupal, like- security review, security kit, login security, spam filter etc.
3). We should lock down our directory and file permissions in FTP and in c-panel both
4). The problem was in this file: /includes/database/database.inc. Here’s the old, vulnerable code, starting at line 735:foreach ($data as $i => $value) { replacing it with this line :foreach (array_values($data) as $i => $value) {
5). Automatic backup of database of the website after the certain interval of time fixed, so that we could co-ordinate with the previous if somenthing unwanted happened suppose every 30 min or so.
6). We are logging in the admin panel of drupal websites via writing /user and then entering the website credentials instead of it writing something else like /somename like /charlie /bird etc.
7). All admin passwords are cryptic form, build using a combination of numeric characters, symbols, upper case and lower case text. The should never contain meaningful words, important dates names and telephone numbers and should be kept as long as possible. We should Make sure that the Core and Contrib modules in a Drupal site are always updated to the latest version whenever they are available. Status reports should be periodically verified to see that they are free from warnings and errors.
8). There should be automated logout from a website after particular session.
How should i recover once my drupal website hacked?
1). A common hack is simply to modify the index.php or any code file in the site such as a template file. We compare all code files to known good copies, either in the revision control system or from drupal.org. the hacked module can help with it.
2). Code inside our content or admin interface. The php.module in core is really handy for site admins to put a little snippet of code into the Drupal interface to make a tweak to the behavior of a node or block. We should review the contents of all nodes, blocks, user profiles, fields, etc. If you can’t legitimately do this by hand then search for malicious content.
3). We should audit the users and remove advanced roles from people who might not need them. Block users who are no longer involved in administering the site.
4). Many attacks leave traces behind, but a session only lasts until the user clicks logout. Using our list of roles with advanced permissions, look for all sessions associated with users who have those roles. Check the amount of time between when the users logged into the site in the users.login value and their most recent page visit in the session.timestamp: select (s.timestamp – u.login) / 60 / 60 / 24 AS dayssincelogin, u.uid from sessions s inner join users u on s.uid = u.uid; An attacker may insert a session for a user who hasn’t logged in for a long time, making it easy to spot their session.
5). In Drupal’s menu_router table gets accessed fairly early in the page request cycle and is a great place to plant some attack code. We should Compare the infected copy with previous one and check, if there is any new addition of tables.
Above all to prevent all this is to take timely backup of all the files and database so that it could be minimized.
If you need further assistance, then feel to contact me. We would be happy to assist you. We are a small team of drupal expert.