Contribigeddon

Submitted by John on Thu, 07/14/2016 - 09:15

So yesterday was another big one for anyone who maintains Drupal sites. If you haven't patched your sites by now, you should assume at this point that any site you maintain with the Coder, RestWS or Webform Multiple File Upload modules has been compromised. Also note that the Coder module did not need to be enabled for the vulnerability to be exploited. The Drupal community is still evaluating the damage these vulnerabilities caused, and fortunately, it seems that the fact that they were restricted to a few less common modules mitigated the problem.

If past experience is any indicator, there are a number of sites out there that will go unpatched simply because the site's owners don't have a developer to handle these matters, and the owners themselves don't follow news of these vulnerabilities and can't respond. The fact is, any CMS, whether it is Drupal, WordPress, or Joomla, is a software application, customized for you, the owner. As a software application, it needs ongoing support and maintenance to deal with crises such as this past one. My company, Forum One, provides retainer support to handle these types of incidents and will respond in situations like these. However, if you aren't supporting your website in the way it needs, then perhaps you should consider converting to a static site, which is much more limited than a CMS, but more appropriate for your technology budget.