News About Tonights NWDUG meetup
8 views
Skip to first unread message
Philip Norton
Nov 5, 2014, 11:23:17 AM11/5/14
to nw...@googlegroups.com
Hi All,
Our speaker for tonight has unfortunately had to pull out so we have no set talk for this evening.
Sorry if we have disappointed people. Adam has agreed to do the same talk in January so if you want to see the talk on Wraith then watch out for the dates.
As an alternative we will be looking in the recent Drupal security issue, which has been dubbed as Drupageddon. We will be discussing how the flaw worked, what the implications of the flaw are and how to recover from any resulting hacks. I was going to bring this up as a small discussion anyway, but it makes sense to devote time to it as it is an issue that effects us all.
Thanks,
Phil Norton
Our speaker for tonight has unfortunately had to pull out so we have no set talk for this evening.
Sorry if we have disappointed people. Adam has agreed to do the same talk in January so if you want to see the talk on Wraith then watch out for the dates.
As an alternative we will be looking in the recent Drupal security issue, which has been dubbed as Drupageddon. We will be discussing how the flaw worked, what the implications of the flaw are and how to recover from any resulting hacks. I was going to bring this up as a small discussion anyway, but it makes sense to devote time to it as it is an issue that effects us all.
Thanks,
Phil Norton
Darran Hale
Nov 6, 2014, 12:21:38 PM11/6/14
to nw...@googlegroups.com
Hi
Will the discussion on Drupageddon be available on line by any chance?
I would love to here about it but cant make the meeting.
Best Wishes,
Darran
--
---
You received this message because you are subscribed to the Google Groups "NWDUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nwdug+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Philip Norton
Nov 6, 2014, 3:49:27 PM11/6/14
to nw...@googlegroups.com, Darran Hale
Well there was only a couple of us there so we had a mainly informal chat about things.
For analysis on what happened I think Anthony Ferrara does an excellent breakdown.
To check your system there are a couple of tools available:
Drupalgeddon https://www.drupal.org/project/drupalgeddon
Security Review http://drupal.org/project/security_review
Site Audit https://www.drupal.org/project/site_audit
There is quite a nice post on stack exchange on what to look for:
On a server wide level you could look at rkhunter and lynis.
However, the best advice seems to be that if your site has been compromised then your best bet is to just restore from backup from before the 15th of October. If your server has been compromised then you are best off killing it off and rebuilding it. Backdoors can be difficult to spot.
Phil
Darran Hale
Nov 6, 2014, 4:18:53 PM11/6/14
to Philip Norton, nw...@googlegroups.com
Thanks Phil that is very helpful. It looks like I have got a lot of work to do.
Regards,
Darran
Sent using CloudMagic
Reply all
Reply to author
Forward
0 new messages