
Fix Hacked Drupal

Created by Boris Grishenko, 2024-10-15

Have you experienced issues with your Drupal-powered website? Has it been hacked or compromised by malicious software (malware)? Read on for tips on how to resolve these problems.

Hacked Drupal? Fix It… Keep Calm and Carry on

Drupal is not what you may think it is; it’s not some fancy Victorian cough medicine. As much as it may sound like one, it is actually a pretty popular content-management framework that powers over 2.2% of the internet’s websites worldwide. It was created to make website content creation easy, with ‘drag-and-drop’ functionality and no requirement for coding skills to build an effective site, and its popularity has grown as a result. However, as with WordPress and Magento, popularity of any sort comes with a price, as hackers with malicious intent continually find ways to compromise websites utilising this framework and exploit it to their advantage.

I know what you are thinking: why would some keyboard-warrior or, put simply, bored tosser wish to hack your site that trades in specific consumer products to a small customer base? Simple… because they are tossers, with nefarious intent and clearly nothing better to do. I am kidding… there is usually a reason for this. Some hackers continually look for holes or exploits in software, either to notify the folks whose software they have exploited or to do something completely underhand altogether.

Drupal as a content-management framework is built in such a way that the security measures built into the codebase make it pretty robust, but this also has its drawbacks. For those hacking attacks that target Drupal, if an exploit is found it is pretty easy to implement on a larger scale. A fairly recent example of this was when an exploit was found in Drupal 7, which allowed the hacker to implement a SQL injection to insert malicious code into multiple websites powered by Drupal. This was called ‘Drupageddon’, yes… Drupal crossed with the word Armageddon, cue the Aerosmith song about not wanting to miss a thing and so on… ad infinitum. Except there is no Liv Tyler in this story, sadly.

So what do you do if you have been hacked, and you are at a loss as to how to remedy this? Read on as I walk you through the steps to resolving this. 

1. Make a copy of your site

Once you find out you have been hacked, stop everything else you are doing and make a backup of your Drupal site. Turning off your computer will not resolve this, nor will pulling the network cable or turning off your router. With the advent of cloud technology this is usually meaningless unless you're running from a server in your home or business. Now store this backup on any form of storage media you choose: a USB drive, a CD or the cloud.

2. Do you rollback or do you resolve?

Usually when you have an issue like this, you may automatically think of ‘rolling back’ your Drupal site to an earlier version. But this doesn’t solve the issue of how you got hacked in the first place. How did the hacker get in? Will rolling back resolve this? Were you rebuilding your website anyway? These questions may all be asked at this time. But if you are to roll back, you also need to be sure that the exploit hole in your website has been plugged and you’re no longer at risk.

3. Who can you speak to about this?

If you are web-savvy, you may not need to look too far for an answer. However, if you are unsure, you can always ‘ask a friend’ who may be more adept with IT and web app security, or even contact us to enlist our Expert help. Doing this will enable us to walk you through your problems and advise you on the best steps to take.

You can also speak to your web host. It is doubtful that they will have archives of your Drupal site older than 30 days, but they may be able to advise you on solutions and steps to take.

4. Taking your site offline - will it help?

In some cases, yes… taking your Drupal website offline allows you to ‘quarantine’ the hacking issue and then resolve it in an ‘offline environment’. This will alert the hackers that you are on to them, and they may adjust their attack accordingly. But if your site is sending spam or other malicious content, then taking it offline is the best way to mitigate these problems.

If you are not sure of the depth of the hacker’s attack, or whether they may have had access, change all of your passwords in cPanel/FTP and update these to new and more secure ones.

For step-by-step instructions on how to change these within Drupal directly, follow the steps here

5. Investigate the cause and root of the problem

Now you’re on a roll and you can start to find out exactly how those hacking bastards got into your Drupal website. What notified you of the hacking incident? What is the result of this hack? Focusing on the problem will enable you to find a means of closing the exploit hole. Often these problems are caused by bots that scan websites for exploits, and conducting an internet search can unearth the same issues as those experienced by other Drupal-powered websites.

If you are still not sure what it was exactly, Hire an Expert to help you rectify this problem.

You can also check the OWASP Top 10 list of exploits/SQL injections to narrow this down further. 
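One way to start that investigation on the backup made in step 1, shown as an added example (it is not part of the original article and is not the scanner described in step 6): hash every file in the backup and compare it with an unmodified Drupal release of the same version. The function names and sample trees are constructed for illustration, and `sites/default/files/` is assumed to be the public upload directory.

```python
import hashlib
import os
import tempfile

SCRIPT_EXTS = (".php", ".phtml", ".inc", ".module")

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare(clean_root, backup_root, upload_dir="sites/default/files/"):
    """Diff the backup against a pristine release of the same version."""
    clean, backup = manifest(clean_root), manifest(backup_root)
    added = sorted(p for p in backup if p not in clean)
    modified = sorted(p for p in backup if p in clean and backup[p] != clean[p])
    missing = sorted(p for p in clean if p not in backup)
    # Script files inside the public upload directory deserve review first:
    # that directory normally holds user content, not code.
    flagged = [p for p in added
               if p.startswith(upload_dir) and p.lower().endswith(SCRIPT_EXTS)]
    return dict(added=added, modified=modified, missing=missing, scripts_in_uploads=flagged)

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(data)

def demo():
    """Constructed sample trees standing in for a clean release and a backup."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as backup:
        for root in (clean, backup):
            _write(root, "index.php", "<?php // front controller\n")
            _write(root, "includes/bootstrap.inc", "<?php // core\n")
        _write(backup, "includes/bootstrap.inc", "<?php // core, altered\n")
        _write(backup, "sites/default/files/logo.png", "image bytes")
        _write(backup, "sites/default/files/cache.php", "<?php // unexpected\n")
        return compare(clean, backup)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real site, `settings.php`, uploaded media and contributed modules or themes will also be listed as added, so review those against their own upstream releases and work on the backup copy, not the live site.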

6. What now, and how to avoid this happening again?

If your site is hacked, you will need to perform a website scan and see exactly where you have been compromised. Activate our super powers, which run silently in the background of your Drupal website to search for and highlight potential issues:

1. Download the simple-to-use exploit scanner from HERE. This creates a site-specific file which will download to your computer.

2. Upload this to your Drupal-powered site.

3. Activate the scanner, and let it do all the work of scanning your files. Initially there may be a slight impact to the website speed, but in the long run it will resolve the issues you have.

4. Following the scan, we tell you which files are corrupted and which could be exploited, providing you with a solution to any exploitation issues you may have.

Nothing in life is ever easy, especially responding to unfortunate instances such as being hacked and the possibility of having your customers’ personal details leaked to a horrible scumbag who wants to relieve folks of their funds, or send unsolicited emails to your customer base.

If you are unsure of what to do following the scan of your Drupal website, you can contact one of our Experts who can assist you with fixing any problems you may have and exactly how to remove the malware that has infected your website.
