CRITICAL Drupal vulnerability announcement
Wednesday, 2nd May, 2018, 21:58
Dear Valued Customer,
This is an important message from Thobson Technologies about the security of your hosting service. If you are using Drupal, it is essential that you read this message carefully, as it explains the actions you must take to secure your service. This is an extremely dangerous vulnerability.
All versions of Drupal 7 prior to version 7.59 and all versions of Drupal 8 prior to version 8.5.3 are affected by a remote code execution vulnerability. These versions of Drupal must be updated to version 7.59 or 8.5.3 as appropriate.
Please see the official security advisory from Drupal - https://www.drupal.org/sa-core-2018-004
UPGRADE INSTRUCTIONS: The following instructions explain how to upgrade your Drupal version:
1. Make sure you are able to get shell access to your server:
- Cloud Virtual Servers:
- Shared Hosting
- Dedicated Hosting
2. Take note of your Drupal installation path:
- Cpanel: /var/www/username/www/domain.com or /var/www/site-user/www/domain.com/sub-directory
- Windows: (installed via Marketplace): /var/www/webroot/ROOT
- Plesk: /var/www/vhosts/domain.com/httpdocs or /var/www/vhosts/domain.com/sub-directory
- cPanel: /home/username/public_html or /home/username/public_html/add_on_domains/domain.com
NOTE: Replace username and domain.com with your site user and your domain.
3. Follow the instructions in the link below for your Drupal version:
If you do not know your Drupal version, you can find it in your Drupal administration interface by navigating to Reports > Status reports.
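With shell access, the installed core version can also be read directly from the Drupal files and compared with the fixed releases named above. The script below is an added example, not part of the original notice or of Drupal's own tooling; it reads the version from `includes/bootstrap.inc` (Drupal 7) or `core/lib/Drupal.php` (Drupal 8), applies the 7.59 and 8.5.3 thresholds exactly as stated in this notice, and the file name `check_drupal.sh` is hypothetical.

```shell
#!/bin/sh
# Added example: compare an installed Drupal core version against the fixed
# releases named in this notice (7.59 for Drupal 7, 8.5.3 for Drupal 8).

# Print the core version recorded under Drupal root $1; fail if none is found.
drupal_version() {
    if [ -f "$1/core/lib/Drupal.php" ]; then        # Drupal 8 layout
        sed -n "s/^[[:space:]]*const VERSION = '\([^']*\)';.*/\1/p" \
            "$1/core/lib/Drupal.php" | head -n 1
    elif [ -f "$1/includes/bootstrap.inc" ]; then   # Drupal 7 layout
        sed -n "s/^[[:space:]]*define('VERSION', '\([^']*\)');.*/\1/p" \
            "$1/includes/bootstrap.inc" | head -n 1
    else
        return 1
    fi
}

# Succeed when version $1 is older than release $2 (numeric, up to 3 parts).
version_lt() {
    a="${1%%-*}.0.0"; b="${2%%-*}.0.0"; i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    # Same numbers: a pre-release such as 8.5.3-dev still precedes 8.5.3.
    case $1 in *-*) return 0 ;; esac
    return 1
}

# Report one Drupal root. Returns 0 = fixed, 1 = needs update, 2 = unknown.
check_drupal() {
    v=$(drupal_version "$1") || v=
    case $v in
        7.*) fixed=7.59 ;;
        8.*) fixed=8.5.3 ;;
        *)   echo "UNKNOWN $1"; return 2 ;;
    esac
    if version_lt "$v" "$fixed"; then
        echo "VULNERABLE $1 $v (update to $fixed)"; return 1
    fi
    echo "OK $1 $v"
}

# Usage (hypothetical file name): sh check_drupal.sh /home/username/public_html
for root in "$@"; do check_drupal "$root" || true; done
```

Pass one or more installation paths from step 2; each is reported as `OK`, `VULNERABLE` or `UNKNOWN` (no Drupal 7 or 8 version file found at that path).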
PROTECTION USING THE WEB APPLICATION FIREWALL (WAF)
Our Web Application Firewall partner has informed us that they have already added a WAF rule to block hackers attempting to exploit this vulnerability in Drupal. We strongly recommend that you check your site for the same.
Please let us know if you have any questions or need assistance in upgrading your Drupal installation.
Regards
Thobson Technologies
Support Team