So I logged on to our site today to find that someone had hacked into our site and exploited some way to create multiple e-commerce donation products. From what we could investigate, they only created bogus products with garbage links to take people to promotional web sites, but we are still not sure how it happened and what part of Drupal they used to exploit a vulnerability. I am guessing e-commerce since that was the only side of the site where they could create new content and publish it. I will let you know if we are able to find out how it happened. I have just finished upgrading to 5.8 and have tightened our user account creation settings (now needing admin activation). Hoping the upgrade will help in securing the site.
Comments
I guess the question is,
I guess the question is, what versions of everything were you using at the time? Drupal, PHP, Apache, etc.
Were all of your modules up to date?
Log analysis (Apache log,
Log analysis (Apache log, Drupal watchdog and (if statistics.module is enabled and appropriately configured) the recent hits page - {accesslog} table) should contain clues about how the hacker got in. Also the uid of the user that created/updated the nodes ({nodes} and {node_revisions} tables), the timestamp when the nodes were created/updated, last login and access by the user ({users} table), plus there may be evidence in the {sessions} table and elsewhere.
gpk
----
www.alexoria.co.uk
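The uid and timestamp correlation suggested in the comment above, as an added example that is not part of the original thread. It groups published nodes by author and flags accounts that started posting shortly after registering. The table and column names are assumed from the stock Drupal 5 schema (`node`, `users`, no table prefix), the rows are constructed, the thresholds are hypothetical, and an in-memory SQLite database stands in for a copy of the site's database.

```python
import sqlite3

# Constructed sample rows; columns are an assumed subset of the stock
# Drupal 5 node and users tables. Timestamps are Unix epoch seconds.
SCHEMA = """
CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, created INTEGER,
                    login INTEGER, access INTEGER);
CREATE TABLE node  (nid INTEGER PRIMARY KEY, type TEXT, title TEXT,
                    uid INTEGER, status INTEGER, created INTEGER);
"""
USERS = [  # (uid, name, created, login, access)
    (1, "admin", 1180000000, 1215500000, 1215503000),
    (7, "editor", 1190000000, 1215400000, 1215401000),
    (42, "qx7promo", 1215600000, 1215600120, 1215600900),
]
NODES = [  # (nid, type, title, uid, status, created)
    (10, "page", "About us", 1, 1, 1181000000),
    (11, "story", "Spring newsletter", 7, 1, 1205000000),
    (90, "product", "cheap pills", 42, 1, 1215600300),
    (91, "product", "free ringtones", 42, 1, 1215600360),
    (92, "product", "win prizes", 42, 1, 1215600420),
]
# Per author and content type: number of published nodes, delay between
# registration and the first node, and the time span of the burst.
TRIAGE_SQL = """
SELECT u.uid, u.name, n.type, COUNT(*) AS nodes,
       MIN(n.created) - u.created AS secs_after_signup,
       MAX(n.created) - MIN(n.created) AS burst_secs
FROM node n JOIN users u ON u.uid = n.uid
WHERE n.status = 1 AND n.created >= :since
GROUP BY u.uid, n.type
HAVING COUNT(*) >= :min_nodes
   AND MIN(n.created) - u.created <= :max_age
ORDER BY nodes DESC
"""

def suspicious_authors(db, since, min_nodes=3, max_age=86400):
    """Accounts that published >= min_nodes nodes of one type, starting
    within max_age seconds of registering (hypothetical thresholds)."""
    params = {"since": since, "min_nodes": min_nodes, "max_age": max_age}
    return db.execute(TRIAGE_SQL, params).fetchall()

def load_sample():
    """Build the constructed sample database in memory."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?,?,?,?,?)", USERS)
    db.executemany("INSERT INTO node VALUES (?,?,?,?,?,?)", NODES)
    return db
```

The uids this returns are the ones to look up next in the watchdog, accesslog and web server logs, and in the role and permission assignments for that account.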
configuration as a starting point
Hello,
There was a recent similar report - http://drupal.org/node/280982
This is likely a configuration problem (as you've noted, your account submission rules needed to be tightened).
In general, though, please be sure to follow the process for reporting a security issue.
--
Open Prediction Markets | Drupal Dashboard | Learn more about Drupal - buy a Drupal Book
--
Morris Animal Foundation
We found an explanation to
We found an explanation to what happened. The good news is that Drupal wasn't hacked. The bad news is that we misinterpreted the permission wording for the donations module and granted "make donations" permission to our authenticated users thinking the permission granted rights to donate simply, while in fact, it allowed them to create a donation product. As many as they wanted as a matter of fact.
I have made a request for change in language for the permissions page for the Donations module:
http://drupal.org/node/282552