I Survived Drupalgeddon: How Hackers Took Over My Site, What I Did About It, And How You Can Stay Safe


This is a comprehensive post-mortem of the Drupalgeddon SQL injection bug as experienced on one of my personal web sites. In this talk I'll explain in depth how the SQL injection bug worked. I'll show the way real hackers used this vulnerability in the wild, and how you can defeat a similar attack on your website. I'll show how I recovered an infected site, and the new security measures I put in place as a result of this security breach. Finally, I'll argue that when all is said and done, this has been a good learning experience for our community, and things could have been a lot, lot worse.

Slides: http://slides.com/mattkorostoff/i-survived-drupalgeddon

Code: https://github.com/MKorostoff/drupalgeddon

Blog post: http://mattkorostoff.com/article/I-survived-drupalgeddon-how-hackers-took-over-my-site

Session Track: Drupal Showcase

When & Where: Wednesday, 13 May, 2015 - 17:00 to 18:00, 502A - BlackMesh