Oh no – another cyber-attack that small businesses need to worry about. Last week’s news that Drupal had a significant bug hit the media. Drupal is an open source website software with a significant number of installations. Large corporate sites as well as small business sites run on Drupal. It is one of the top three website software products in use (the others are WordPress and Joomla).
Drupal issued a security warning that a vulnerability was found in versions 7 up to (not including) version 7.32.
If your site was attacked (and you did not have the patch installed immediately upon release), an attacker can copy all the data from your site. Or the attacker could place a backdoor on your system to penetrate it later. If your site is hosted on the same server as your network, the attacker can search your network and obtain data from it.
Cyber criminals also use websites as means to distribute malware to site visitors. Not only will your visitors get infected, the search engine companies may blacklist your site off searches until you clean up the malware distribution coding.
How do I know what website software my site uses
You are busy running a business and may not know what software your website is using. With cyber-attacks coming from myriad directions, you might want to create a log of all software used, if you don’t already have a list. To find out what software your site is using, you can:
- Ask your website developer or hosting company
- Search the internet with a question such as “how to tell what software a website is running” – several tools exist to help you
Take your site offline, reinstall your backup version from before October 15, 2014 and apply the patch. You will need to redo any changes made between your restored version and the date of restoration. And applaud yourself for having a backup!
If you don’t have a backup, you will need to have a cyber security specialist check your site for vulnerabilities. It may not be obvious that an attacker penetrated your site.
If your site is hosted with others and one of those sites was compromised, a backdoor may have been installed that could affect your site. Ask your systems administrator about it. Unfortunately, small website developers running their own servers may not be as cyber security focused as needed. Have a conversation with your developer or administrator to make sure your site is protected.
Note that large hosting companies usually have strong security measures and teams that monitor attacks. If your hosting service agreement does not include the security service, consider adding it immediately.
Are there Safer Options?
Is one website software package better than another? Unfortunately, no. All the major players have a lot of installations and work hard to find vulnerabilities ahead of the criminals and issue patches. The safe solution for a secure website is security diligence – either by your cyber security trained technical staff or a reputable host company coupled with constant vigilance.