Hundreds of Drupal Sites So Victims of Cryptojacking Hack

in #technology7 years ago

There is something great occur in the world and one of them is vulnerability present on the site that have a platform Drupal. Recently, a major campaign of hacking mass that has a target critical vulnerability in content management system Drupal has changed more than 400 website be platform mining cryptocurrency that secretly drain computing resources belongs to visitors.
image
Many of the site hacked this fact is not a small selection, for example site owned by the Lenovo, including the website University of California at Los Angeles, the state agency related to workers and more. It is revealed by the site arstechnica, where most of the concentration of the site hacking largest present on the platform Drupal it has a content management very critical they call drupalgeddon 2. all of these sites run the part JavaScript is the same from what presented in hosting vuuwd.com. Code is not clear this is what caused the visitor's computer dedicate 80 percent of CPU resources them to mine coins digital known as monero without notice or owner's permission. Attacker behind the campaign take over the site to exploit the vulnerability Drupal that makes attack code execution with quite simple and reliable, where the vulnerability of the dubbed as "drupalgeddon 2." party manager Drupal actually patching point vulnerable critical in March, but it turns out many sites slow in handling and install this improvement. It tersebutlah triggering arms race between hackers dangerous three weeks ago with target they still have a vulnerability has not updated on the platform Drupal. Some security companies have reported that a large network infected computer and devices connected to the Internet is the main ways how bad guy did the scanning process mass in an effort to identify the Web sites vulnerable. When botnet identify software Drupal that is not installed, they run scripts automatic exploit vulnerability. In addition to use the gap "disabled" it's in the run scripts to do the mining cryptocurrency through computer visitors, hackers also install malware can attack denial-of-service in other sites. Drupalgeddon2 remind back on the vulnerability Drupal present at the 2014 ago, where this is the first dubbed drupalgeddon, which also facilitate the bad guys to take over the server vulnerable. The Drupal yourself warned vulnerability code execution new that can be exploited online if the user late to update the system to choice updated. So, anyone who run site with platform Drupal should immediately patching their system. Drupal maintainers has been published FAQ page that you can visit here to see everything is much more clear.