Drake83
Level 3
I just received this email from Drupal. They were hacked, but the platform of Drupal wasn't hacked; instead, some third-party software was installed on their server. I wonder how that happens? Does an employee at Drupal or an insider do that?
We respect the privacy of your information, which is why, as a precautionary measure, we are writing to let you know about an incident that involves your personal information. The Drupal.org Security and Infrastructure Teams have discovered unauthorized access to account information on Drupal.org and groups.drupal.org. Information exposed includes usernames, email addresses, and country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly.
This unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within the Drupal software itself. This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally.
We have implemented additional security measures designed to prevent the recurrence of such an attack, and to protect the privacy of our community members.
The next time you attempt to log into your account, you will be required to create a new password.
Below are steps you can take to further protect your personal information online. We encourage you to take preventative measures now to help prevent and detect the misuse of your information.
First, we recommend as a precaution that you change or reset passwords on other sites where you may use similar passwords, even though all passwords on Drupal.org are stored salted and hashed. All Drupal.org passwords are both hashed and salted, although some older passwords on groups.drupal.org were not salted. To make your password stronger:
* Do not use passwords that are simple words or phrases
* Never use the same password on multiple sites or services
* Use different types of characters in your password (uppercase letters, lowercase letters, numbers, and symbols).
Second, be cautious if you receive emails asking for your personal information and be on the lookout for unwanted spam. It is not our practice to request personal information by email. Also, beware of emails that threaten to close your account if you do not take the "immediate action" of providing personal information.
For more information, please review the security announcement and FAQ at https://drupal.org/news/130529SecurityUpdate. If you find any reason to believe that your information has been accessed by someone other than yourself, please contact the Drupal Association immediately, by sending an email to [email protected].
We regret that this incident has occurred and want to assure you we are working hard to improve security.
Everett
An employee, or 'insider', is likely to do this type of damage, maybe for job less, etc. However, this is very unlikely, but in some cases such attacks as these do occur. Since they announced that the Drupal websites were not an issue [which is a good thing since a lot of people/businesses use them], I'm sure they take all appropriate measures to investigate thoroughly as to whom or what 'group' it was.
People should always be warned that nothing is really 'safe' on the internet, and there are all kinds of attacks that could happen. It's best to take all appropriate measures into consideration. I hope Drupal does well in the investigation; hopefully the/se hacker(s) is caught. Sometimes they are not, which is very unfortunate because they do untold amounts of damage to all kinds of infrastructure.
Kind Regards,
Everett