קשה לפרוץ אתרי דרופל? האקרים בוחנים את תמימותך

אמיר סימן טוב | ביום ו', 02/18/2011 - 01:05

צוות האבטחה הבינלאומי של קהילת דרופל שלח לפני שעה קלה הודעה אודות ניסיון להונות בעלי אתרי דרופל באמצעות שהתחזה כמגיע מהצוות עצמו. טרם ראיתי את ההודעה בדרופל.אורג עצמו, אז אני מקווה שההודעה עצמה אינה עבודה בעיניים בסגנון הפוך על הפוך :)

להלן המלל שנשלח בו מוסבר על הניסיון

וכן איך להימנע ממנו ממנו בעתיד. תרגום החלק החשוב אודות ניסיון הפריצה מופיע בבלוג שלח בנושאי **[דרופל](http://practicall.co.il/1/zcyc)**.

אמיר

This is a public service announcement regarding a recent social engineering
attack via the following mail purporting to come from the Drupal security
team.
>Hello, I am a member of the Drupal security team. Our installation records
>show that your site runs Drupal on PHP [version] and [server]. We have
>recently found a security problem with that configuration which could allow
>a hacker to get into the site and delete any posts they want. We have not
>posted anything about this yet publicly as we want to get this patch out to
>as many people as possible first. We have developed a patch for this bug -
>all you need to do is upload this file to your site in the
>sites/default/files/ folder (do not change the name of the file) and Drupal
>will see it and install it for you. We recommend you do this as soon as
>possible. Sincerely, James Drupal security team
The mail was sent with Drupal Security as the
(easily-forged) "From" address. It also contained an attachment that was said
to be a patch that had to be uploaded and installed. Needless to say that
this file contained code to make the system accessible from the outside. If
you received a message like the above, do not upload the attached file. How
the Drupal Security Team communicates:
1) The Security Team does not supply patches to sites.
2) The Security Team will never ask site administrators to upload random
files to their site. We only recommend to update to latest core or
contrib releases downloaded from drupal.org.
3) The Security Team officially uses three forms of communication for Drupal
Security Advisories; the update report in your Drupal installation, the
posts and RSS feed on http://drupal.org/security, and the newsletter
available from your Drupal.org user page. The Drupal Security Team does
not publish to a Twitter feed or provide any other official communication
channel.
4) The Security Team will never ask for passwords for your host or your
Drupal install.

If you receive communications from someone saying they are a member of the
Security Team and their request is questionable, please forward the email to
the team at security@drupal.org.

תגובות