Drupalgeddon2 – All Drupal users should patch their install now
If you presently have a Drupal installation, you need to update it urgently.
A botnet is currently exploiting a Drupal CMS vulnerability, by using already compromised systems to infect new machines. The botnet is exploiting the CVE-2018-7600 vulnerability, known as Drupalgeddon 2, to gain the ability to execute commands on a server running Drupal.
If you are running 7.x, upgrade to Drupal 7.58 https://www.drupal.org/docs/7/update
If you are running 8.5.x, upgrade to Drupal 8.5.1. https://www.drupal.org/docs/8/update
Add your existing Drupal install to Softaculous for automatic updates
All Clook customers have access to Softaculous via their cPanel dashboard. By adding your Drupal 7 or 8 store to Softaculous, you will be able to select the auto upgrade option, to ensure you are always on the latest version of Drupal.
Login to cPanel
Click the Softaculous link under the Software banner
Search for Drupal using the search box in the top left and click the Drupal link in the left hand menu
Click the import link on the top right hand side of the page
Check the details are correct and click the import button
Congratulations, your Drupal install should now have been imported into Softaculous
You can now follow this guide to upgrade your installs – https://softaculous.com/docs/How_to_upgrade_installations
Today (27/04/18) we’ve updated our mod security rules to try to help mitigate these attacks. This does not remove the requirement to update your Drupal store. There is a small chance that the updates may cause some false positives – please contact our support team if you have any issues.