[Service-advisories] Drupal Forward Module Moved from Sites Directories

Alfredo Lopez alfredo at mayfirst.org
Sat Jun 27 21:38:19 EDT 2009


Servers affected: albizu chavez eagle jones julia june lucy malcolm  
mandela menchu roe viewsic zapata
Date: 2009-06-27

The program that caused the exploitation on Malcolm is the Drupal  
"forward" module. There has been an advisory about the dangers of the  
module since Marh 11 but most of our member sites haven't upgraded to  
cope with that problem. Because the danger is so serious we are taking  
steps to protect the affected servers.

We are identifying all sites using the problem module and moving the  
module out of the web directory and into the primary user's home  
directory . This will disable the module. Members should download the  
latest version of the module and install that or be in touch with our  
staff to get help. You're being asked to *not* reinstall the version  
of the module you have on your sites.



More information about the Service-advisories mailing list