[Service-advisories] Drupal Forward Module Moved from Sites Directories
Alfredo Lopez
alfredo at mayfirst.org
Sat Jun 27 21:38:19 EDT 2009
Servers affected: albizu chavez eagle jones julia june lucy malcolm
mandela menchu roe viewsic zapata
Date: 2009-06-27
The program that caused the exploitation on Malcolm is the Drupal
"forward" module. There has been an advisory about the dangers of the
module since Marh 11 but most of our member sites haven't upgraded to
cope with that problem. Because the danger is so serious we are taking
steps to protect the affected servers.
We are identifying all sites using the problem module and moving the
module out of the web directory and into the primary user's home
directory . This will disable the module. Members should download the
latest version of the module and install that or be in touch with our
staff to get help. You're being asked to *not* reinstall the version
of the module you have on your sites.
More information about the Service-advisories
mailing list