I estimate hundreds of thousands of Drupal websites now have backdoors; between ten and ninety percent of all Drupal websites. Automated Drupageddon exploits were in the wild within hours of the announcement. Updating or patching Drupal does not fix backdoors that attackers installed before updating or patching Drupal. Backdoors give attackers admin access and allow arbitrary PHP execution.
Half of a client's Drupal 7 sites were compromised over the weekend.
If you did not update your Drupal 7 website by about Friday, your site was probably hacked too: Update to Drupal 7.32 or apply the patch manually updating is not trivial.
After that, you will need to review your site's administrator users, permissions, logs and content for unexpected users, roles, permissions, content and and scripts.
Originally posted at PreviousNext.com.au.
Scheduler module allows content editors to specify times for content to be published and/or unpublished. However it is not compatible with Workbench Moderation module, which allows content to have states like “draft” and “needs review” rather than just “published” or not.
Scheduler Workbench is a new module that integrates Workbench Moderation and Scheduler modules, so that content can be configured to become published or unpublished and be assigned a new moderation state at a date and time specified by the content editor.
There is currently severe flooding in Queensland Australia. An area twice the size of Texas is underwater. Entire homes are completely inundated. Bridges and cars have been washed away like toys. In Brisbane, airports are closed and the CBD has been closed down. There are at least 15 dead and more than 60 still missing.
QLDfloods.org is a Drupal 7 website set up by several members of the Australian Drupal community to provide information, track missing persons, find resources and people that need them (like beds), track damage and provide support. It was mentioned four times on CNN on Wednesday and multiple times on Australian national media.
The site builders are seeking help with Drupal 7 multiple-server configuration & infrastructure. Do you have expertise to help? Join #Drupal-AU
on IRC, speak up in g.d.o/australia or contact Ryan Cross directly.
Drupal's template files (*.tpl.php
) are not really templates. This is what my DrupalCon core developer summit submission is about. The slides briefly explain why tpl.phps are not real templates, what real templates are, why this is a problem for the Drupal project and community, and mentions some possible solutions to the problem. It also provides some basic guidelines as a starting point for tpl.php standards, should that be pursued.
My largest code contribution to Drupal core just got committed! :) At last node_teaser() can take a rest -- at least for a while anyway. It looks like there'll be another round of work on it for Drupal 7).