I Survived Drupalgeddon: How Hackers Took Over My Site, What I Did About It, And How You Can Stay Safe
This a comprehensive post-mortem of the Drupalgeddon SQL injection bug as experienced on one of my personal web sites. In this talk I'll explain in-depth how the SQL injection bug worked. I'll show the way real hackers used this vulnerability in the wild, and how you can defeat a similar attack on your website. I'll show how I recovered an infected site, and the new security measures I put in place as a result of this security breach. Finally, I'll argue that when all is said and done, this has been a good learning experience for our community, and things could have been a lot, lot worse.
Slides: http://slides.com/mattkorostoff/i-survived-drupalgeddon
Code: https://github.com/MKorostoff/drupalgeddon
Blog post: http://mattkorostoff.com/article/I-survived-drupalgeddon-how-hackers-took-over-my-site