This is not a drill: Update Drupal 7 NOW

Half of a client's Drupal 7 sites were compromised over the weekend.

If you did not update your Drupal 7 website by about Friday, your site was probably hacked too: update to Drupal 7.32, or apply the patch manually if updating is not trivial.

After that, you will need to review your site's administrator users, permissions, logs and content for unexpected users, roles, permissions, content and scripts.
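One way to start that review directly in the database, as an added example that is not part of the original post: it assumes a MySQL backend, the stock Drupal 7 table names with no table prefix, and a constructed cutoff date held in `@since`.

```sql
-- Assumption: MySQL, default Drupal 7 schema, no table prefix.
-- Constructed cutoff: replace with a date before your site could have been attacked.
SET @since = UNIX_TIMESTAMP('2014-10-01');

-- 1. Every account that holds a role, newest first. Look for accounts and
--    e-mail addresses you do not recognise, especially in administrative roles.
SELECT u.uid, u.name, u.mail, r.name AS role, u.status,
       FROM_UNIXTIME(u.created) AS created,
       FROM_UNIXTIME(u.login)   AS last_login
FROM users u
JOIN users_roles ur ON ur.uid = u.uid
JOIN role r         ON r.rid  = ur.rid
ORDER BY u.created DESC;

-- 2. Accounts created since the cutoff, and the state of uid 1
--    (the superuser, whose name, mail or password may have been changed).
SELECT uid, name, mail, status, FROM_UNIXTIME(created) AS created
FROM users
WHERE created >= @since OR uid = 1
ORDER BY uid;

-- 3. Roles holding site-control permissions. Any role other than your
--    administrator role appearing here needs an explanation.
SELECT r.rid, r.name AS role, rp.permission, rp.module
FROM role_permission rp
JOIN role r ON r.rid = rp.rid
WHERE rp.permission IN ('administer users', 'administer permissions',
                        'administer modules', 'administer filters',
                        'administer site configuration', 'use PHP for settings')
ORDER BY r.rid, rp.permission;

-- 4. Is the core PHP filter module enabled? It lets stored content run as PHP.
SELECT name, filename, status FROM system
WHERE type = 'module' AND name = 'php';

-- 5. Node bodies and custom blocks saved with the PHP text format.
SELECT 'node body' AS source, entity_id AS id, body_format AS format
FROM field_data_body WHERE body_format = 'php_code'
UNION ALL
SELECT 'custom block', bid, format
FROM block_custom WHERE format = 'php_code';

-- 6. Content created or changed since the cutoff.
SELECT nid, type, title, uid, FROM_UNIXTIME(changed) AS changed
FROM node
WHERE changed >= @since
ORDER BY changed DESC;
```

These queries only surface changes that were left in the database; empty results do not show that the site is clean, and files on disk and the logs still need their own review.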

Follow or join the conversation in #drupalsa05 for more detail about known exploits and how to repair your hacked site.

Comments

Or host with a company that patches your site automatically

You're completely right. If you hadn't patched by Friday, you're gone. If you can't organise the patching, host with a company that can do that for you, insert ad for my company here :-)

"You're gone" might be a bit of

"You're gone" might be a bit of an exaggeration. However, you may never know what attackers have done on your server. They have probably executed arbitrary PHP code. There are some great folk watching and documenting exploits, and cleaning up from attacks is becoming possible. Although the smarter ones execute arbitrary attacker-supplied PHP code in ways that are not traceable.