I live in Auckland NZ, and enjoy being a Dad, snowboarding and contributing to open source.
I estimate hundreds of thousands of Drupal websites now have backdoors; between ten and ninety percent of all Drupal websites. Automated Drupageddon exploits were in the wild within hours of the announcement. Updating or patching Drupal does not fix backdoors that attackers installed before updating or patching Drupal. Backdoors give attackers admin access and allow arbitrary PHP execution.
If your Drupal 7 (and 8) website is not updated or patched it is most likely compromised. If your website was not updated within a day of the announcement, it is probably compromised. Even if your website was updated within a day, it may be compromised.
If you did not know, Drupageddon is the highly critical SQL injection vulnerability in Drupal core announced 15 October. It is also known as Drupalgeddon (with an "L"), CVE-2014-3704, Drupal SA-CORE-2014-005 and #DrupalSA05. Drupageddon (no "L") is the original name selected by Stefan Horst, who initially reported it to the Drupal security team. See Drupageddon.com.
I have drafted this flowchart to help Drupal website administrators understand their options for recovering from Drupageddon. Review, feedback and collaboration are welcome.
The flowchart is a living document. The current version is number 7.
I created the flowchart hoping that it would help the owners of the hundreds of thousands of compromised websites. Initially I thought it would take a couple of hours. But as I dove into it, I realised how many edge cases there are. It has taken dozens of hours to create, research and update. It will take dozens more as more information about Drupageddon attacks becomes available.
A donation shows me that the work is useful and motivates me to keep it up. As new information about attacks slows down I will shift focus to Drupalgeddon, the drush command, which is the next most useful tool for recovering compromised websites.
|Attachment|Size|
|---|---|
|How to fix a Drupal site from Drupageddon, second draft.png|399.63 KB|
|How to fix a Drupal site from Drupageddon, draft 3.png|470.95 KB|
|How to recover from Drupageddon, draft 4.png|581.75 KB|
|How to recover from Drupageddon, transparent draft 5.png|542.35 KB|
|How to recover from Drupageddon, draft 6.png|643.95 KB|
|How to recover from Drupageddon, draft 7.png|651.82 KB|
|How to recover from Drupageddon, version 8.png|634.21 KB|
|How to recover from Drupageddon, version 9.png|639.57 KB|
Half of a client's Drupal 7 sites were compromised over the weekend.
After that, you will need to review your site's administrator users, permissions, logs and content for unexpected users, roles, permissions, content and scripts.
Follow or join the conversation in #drupalsa05 for more detail about known exploits and how to repair your hacked site.
Most kiwis are, unfortunately, too proud of New Zealand's traditional anti-nuclear political stance to keep an open mind on the topic. Media and politics promote the idea that the rest of the world is "impressed" by our political stance. (My impression is that the rest of the world actually thinks our policy is stupid.)
Kiwis are so proud of our nuclear stance that it would probably be political suicide for a politician or political party to say "let's build nuclear power stations" or even just "let's revisit bans on nuclear ships".
None of the three highest polling parties have published a policy on nuclear energy. None of their energy policies even mention "nuclear".
(All policies focus on renewable energy. National and Labour both have policies for 90% renewable energy by 2025. Greens' policy is 100% by 2030.)
Whether the lack of "nuclear" is because they are afraid of loss of support if they announced anything conceived as pro-nuclear, because they truly believe a ban on nuclear energy is best, or they simply failed to form or document a policy on it, is up for conjecture.
But the fact that nuclear is not even mentioned in any of those policy documents suggests to me that it is probably the fear of backlash. Although I have heard from multiple sources that New Zealand's energy consumption is too low to justify the cost of nuclear energy.
Of course, nuclear policies are of minor significance in the face of climate change as a whole.
In the face of climate change, nothing else is of much significance. NZ 2014 general elections are an opportune time to start reversing humanity's destruction of this planet we call home.
But understanding how to be a "climate voter" can be a challenge. Is it really as simple as voting for the Green party? Let's take a look.
To evaluate which party is most aligned with your own beliefs and priorities, nothing beats reading party policies. Each party provides summaries and highlights of their policies on their websites in easy to read formats.
The three highest polling political parties also publish PDF documents with more detail:
On climate change, National dedicates a single page to "Climate change" in their "Environment" policy. Labour has an 8-page "Climate Change" policy that looks like it was slapped together in a hurry.
Meanwhile the Green party has a 20-page "Climate protection plan" of academic quality and references to data sources. They also have a video of the summary in New Zealand Sign Language.
I have not been able to use the dialer/keypad or log/history in the Phone app on my Samsung Galaxy S3 since an Android upgrade about four months ago. Whenever I opened them I would get the message "Unfortunately, contacts has stopped". And in order to dial numbers I would have to save them as a contact first.
It is a bug in Android that causes certain configurations to have no valid date format, which in turn causes the Contacts app to crash. The workaround solution is so trivial, it is embarrassing for Samsung and Google that they have not fixed this bug yet;
I hope this blog post helps more people find the solution more quickly than I did. (I found the solution on Android Central.)
Work for an innovative internet startup company, breaking new ground in the areas of social networking and self-understanding.
Salary range: $50,000 to $70,000 NZD
Location: Devonport, Auckland
Start: early May
You are finishing your studies in software engineering or computer science and are seeking experience. Internet technology excites you. You are thorough. And passionate about finding simple solutions for complicated problems.
You are a great programmer.
You are looking forward to gaining experience and working with excellent mentors.
Your ability to understand and evaluate, then abstract and re-use code will be essential to your success in this position. We will test your code and problem solving skills in the interview process.
Other useful experience and skills, in order of importance, are:
Archetypes.com is a social site that allows a user to identify their archetypes by taking a short quiz. Archetypes are a universal pattern of behavior that motivates everything we do. They represent the blueprint of one's soul. Once discovered, archetypes enable users to better understand themselves and others. The online platform allows users to search original and curated content, products and people, and easily find what is relevant, meaningful and entertaining to them. Visit www.archetypes.com, take the quiz and begin a journey of self-understanding and become a more authentic you.
We are ready to grow our Auckland team and want a junior developer to grow with us. Are you ready to join us?
You will get to work closely with a dedicated mentor, learn about software development processes for large distributed teams, learn new technologies, new skills and gain valuable industry experience.
By Tuesday 29 April, tell us why you would be a good fit for this role, ask any questions and let us know your salary expectations.
If you want to send us your CV too, include a link to it. (If sending a link to your CV is a problem, then this might not be the right job for you.)