Drupalgeddon

December 22, 2014

Well, it's been quite a sprint, but I've finally got Senior Toronto back up and running after two weeks in limbo. Senior Toronto, along with hundreds of thousands of other Drupal sites around the world, was caught in a massive hack attack they're calling Drupalgeddon. The bad guys discovered a vulnerability in the Drupal software, and they were ready for it. In the space of seven hours, they hit nearly a million sites in an automated attack that gave them multiple forms of access to every site, so they could keep collecting the data and selling it to other criminals. By the time most of us received the email alert with a fix from Drupal, it was already too late.

Of course, Senior Toronto is not an e-commerce site and isn't worth hacking; it just got caught up in the sweep. But the hackers had built "back doors" all over the site, and could take it over any time. So I closed it down, wiped it right out, and built it again from scratch on a safe server. In the process I had to give up all the registered user accounts and all those great comments that users had posted. But at least it's squeaky clean now.

This must happen much more often than we realize. The hackers are clearly very skilled and well funded. In spite of the power and scope of this attack, there was barely a whisper of it in the news. I suppose the press doesn't want to spread alarm and undermine confidence in online security; that would be bad for business. Chalk one up for the bad guys.

Comments

Comment: 
Welcome back S. T. The hackers ARE the bad guys--it's just like the old days when bandits robbed trains and the Pony Express. Where's Wyatt Earp when we need him?? You've done a great job acting quickly and comprehensively to keep your account users as safe as possible. Thanks and keep those blogs coming.