Drupalgeddon2 – All Drupal users should patch their install now

If you presently have a Drupal installation, you need to update it urgently.

A botnet is currently exploiting a Drupal CMS vulnerability, by using already compromised systems to infect new machines. The botnet is exploiting the CVE-2018-7600 vulnerability, known as Drupalgeddon 2, to gain the ability to execute commands on a server running Drupal.

If you are running 7.x, upgrade to Drupal 7.58 https://www.drupal.org/docs/7/update

If you are running 8.5.x, upgrade to Drupal 8.5.1. https://www.drupal.org/docs/8/update

Add your existing Drupal install to Softaculous for automatic updates

All Clook customers have access to Softaculous via their cPanel dashboard. By adding your Drupal 7 or 8 store to Softaculous, you will be able to select the auto upgrade option, to ensure you are always on the latest version of Drupal.

1

Login to cPanel

2

Click the Softaculous link under the Software banner

3

Search for Drupal using the search box in the top left and click the Drupal link in the left hand menu

4

Click the import link on the top right hand side of the page

5

Check the details are correct and click the import button

6

Congratulations, your Drupal install should now have been imported into Softaculous

7

You can now follow this guide to upgrade your installs – https://softaculous.com/docs/How_to_upgrade_installations

Update 27/04/18

Today (27/04/18) we’ve updated our mod security rules to try to help mitigate these attacks. This does not remove the requirement to update your Drupal store. There is a small chance that the updates may cause some false positives – please contact our support team if you have any issues.

Clook Logo

Get regular tips, tricks and updates!

Signup today for our awesome newsletter and recieve monthly emails with all sorts of helpful articles on hosting and web development.