![]() For Drupal site owners, this means that it’s important they secure their sites and ensure they have an up-to-date WAF. Several sources have predicted that injection vulnerabilities will continue to grow in number, largely because it’s possible to make money with these attacks. Learn more about Drupal Cloud Hosting with Superior WAF Protection. A properly configured WAF from a hosting provider like Nexcess would have been able to prevent this attack from taking place. While Drupalgeddon3 was just as severe as Drupalgeddon2, it actually resulted in fewer recorded attacks due to requiring the attacker to be authenticated on the attacked host. Again, this was a code execution vulnerability that led to site takeovers. Again attacking the form API, this flaw resided in the destination parameter. Druaplgeddon3ĭrupalgeddon3 then struck in late April. Once discovered, the introduction of a new WAF rule by Nexcess meant that this exploitation was quickly stopped for our clients. In 2018, it was found that only 11% of 2018’s identified vulnerabilities came from Drupal, far below the number attributed to WordPress. ![]() According to research by Imperva, Drupal is more secure than most other popular web applications, including WordPress, Magento, and Joomla. At its foundation lies a stable source code with limited vulnerabilities and a sizeable support community.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |