Comments

- To be fair that's awesome. I've dealt with hacked sites and no one has ever suggested anything like that. Simple and elegant. Did you close the vulnerability?

- @soulsuke Set up an inotify instead that listens for modifications and quarantines them until approved. Injected code can do a lot of damage in an hour.

- soulsuke (7y): @Godisalie A lot of damage? It's literally a miracle they didn't dump the db or compromise the whole machine. But I'm paranoid to think about that >.> As my boss said, wasting time on that is "not billable" >.>

- xewl (7y): I'm residing in the same environment it seems. Although I get it, money vs time is key.
  If you'd just let me fix this, you'll be ...
  *NO!*
  k.

- joykill (7y): Cleaning up the files is easy... That's why you have git... Just reset it all to latest commit...
  Plugging the security holes, that's something else obviously.

- soulsuke (7y): @joykill Oooh, that's the fun part! The guy who manages those projects does not use git because "the changes made via gui are saved in the db, not in the code, so I'll just dump that". We only have some tgz of a couple of site roots, and they are outdated. Because (same guy as before) "backups are useless, the server uses raid and we'll never have data loss". I'm still laughing about that XD
The company I work for is currently maintaining some websites under an old (>1.5 years) version of Drupal, which has some well known vulnerabilities.
Yesterday we found out somebody used them to inject php code into every single .php file on the machine. We've been discussing for hours about how to recover data, upgrade stuff, and maybe switch to something else. I've said jokingly "or we could put a find command in the crontab to sed away the php line they've injected!". Guess what we're doing now on our production servers?
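The rant's fix is a cron'd find-and-strip over every .php file, and one of the comments suggests an inotify watcher that quarantines modified files until someone approves them. The script below is an added example, not the rant author's cron job or anyone's posted code, that does both jobs in a form you can dry-run on a copy of a site root: it keeps a copy of each infected file before stripping the injected line (so the evidence survives the cleanup), and it records a sha256 manifest that a later cron run compares against to list new or modified .php files. The manifest check is a polling substitute for inotify, not inotify itself, and it only catches files that are new or changed, not deleted ones. The marker string, the placeholder paths and the sample files are all constructed; GNU coreutils (`sha256sum`, `comm`) are assumed.

```shell
#!/bin/sh
# Added example, not code from the rant or its comments. Assumptions: GNU
# coreutils on Linux; INJECTED_MARKER is a placeholder for the exact line
# found in the compromised files; all paths below are placeholders.
set -u

# The injected line, matched as a fixed string (-F) so regex metacharacters
# in the real payload cannot change what is matched. Placeholder value.
INJECTED_MARKER='/* injected-line-placeholder */'

# list_infected DIR -> prints every .php file under DIR containing the marker.
# grep exits 1 when nothing matches and find propagates that; it is not an
# error here, so the status is swallowed.
list_infected() {
    find "$1" -type f -name '*.php' -exec grep -lF -- "$INJECTED_MARKER" {} + || true
}

# strip_injected DIR QUARANTINE -> copies each infected file into QUARANTINE
# (same relative path, permissions kept with -p), then rewrites the original
# without the marker line. Prints the number of files cleaned.
strip_injected() {
    dir=$1 quarantine=$2
    tmp=$(mktemp)
    list_infected "$dir" > "$tmp"
    count=0
    while IFS= read -r f; do
        rel=${f#"$dir"/}
        mkdir -p "$quarantine/$(dirname "$rel")"
        cp -p "$f" "$quarantine/$rel"
        # grep -v keeps every line except the marker; exit 1 only means no
        # lines were left, which is still a valid (empty) result.
        grep -vF -- "$INJECTED_MARKER" "$f" > "$f.clean" || :
        # write through cat so the original file's owner and mode are kept
        cat "$f.clean" > "$f"
        rm -f "$f.clean"
        count=$((count + 1))
    done < "$tmp"
    rm -f "$tmp"
    echo "$count"
}

# record_baseline DIR MANIFEST -> sha256 of every .php file, one per line,
# sorted bytewise so comm(1) can compare two manifests.
record_baseline() {
    (cd "$1" && find . -type f -name '*.php' -exec sha256sum {} + | LC_ALL=C sort) > "$2"
}

# changed_since DIR MANIFEST -> prints .php files whose hash is not in the
# baseline: new files and modified files (deleted files are not reported).
changed_since() {
    tmp=$(mktemp)
    record_baseline "$1" "$tmp"
    # lines only in the fresh manifest; the name starts after the 64-char
    # hash and two spaces of sha256sum's output
    comm -13 "$2" "$tmp" | cut -c67-
    rm -f "$tmp"
}

# Command-line front end, so cron can call one subcommand per job, e.g.
# (placeholder paths):
#   */10 * * * *  /usr/local/bin/php-cleanup.sh strip   /srv/www /var/quarantine
#   */10 * * * *  /usr/local/bin/php-cleanup.sh changed /srv/www /var/php-baseline.txt
case "${1:-}" in
    baseline) record_baseline "$2" "$3" ;;
    changed)  changed_since  "$2" "$3" ;;
    strip)    strip_injected "$2" "$3" ;;
esac
```

Run `baseline` once right after the cleanup, then let cron run `changed` and review what it prints: an unexpected .php file appearing between runs is the signal the inotify suggestion was after, and the quarantine directory is where you look for what was actually injected.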
Tags: rant, drupal is shit, wtf