Acquia’s Response to the October 15 Drupal Security Alert

October 31, 2014
1

Acquia is committed to ensuring the security and performance of our customers’ sites.

On October 15, the Drupal Security team announced that all Drupal 7 sites are highly vulnerable to attack due to a SQL Injection vulnerability. At Acquia we deployed a platform-wide "shield" that protected all of our thousands of customer sites hosted on Acquia Cloud from the moment the security announcement was issued. The Acquia team worked tirelessly to prep for the formal announcement and had the shield in place immediately to protect customers.

Acquia proactively responded to the threats outlined in the Oct. 15, 2014, Drupal Security Advisory, ensuring no site on the Acquia Cloud Platform was at risk.

Our customers’ sites remained 100 percent functional for visitors and content editors at all times and no site availability or performance was ever compromised.

At no time were any sites on the Acquia Cloud Platform affected by the attacks. Acquia also delivered the official Drupal security patch to all sites on Acquia Cloud and to those sites it manages through remote administration. Drupal sites not hosted by Acquia may have been affected and were advised by the drupal.org security team to patch their own sites immediately.

We’re sharing this insight to affirm how Acquia protected its customers from this vulnerability.

What Happened

On Wednesday, 15 October 2014, drupal.org announced a highly critical security update for Drupal 7.x core that advised all users to immediately update to version 7.32 due to an SQL Injection vulnerability.

What did Acquia Do?

Acquia deployed a platform-wide “shield” which protected all sites hosted on Acquia Cloud against the SQL Injection vulnerability. NO customer was negatively affected and site performance remained optimal. Acquia customers who self-host their sites off of the Acquia Cloud were patched through remote administration fixes.
After taking the necessary attempts to secure and protect our customers, Acquia’s support and operations teams took additional actions to make sure every customer site was protected and operational.

What are we doing moving forward?

Acquia Cloud customers should update their Drupal 7 sites to Drupal 7.32 knowing that while the platform-wide shield is keeping them safe from attacks they need to upgrade. Feel free to direct any questions regarding the upgrade to Acquia Support.

For More Details:

Shields Up!
Learning from hackers a week after the Drupal SQL Injection Announcement
Acquia Help Center advisory

Who can you call?

Acquia customers with questions about the status of their sites should contact their Account Managers or Acquia Support:

North America Phone: 888-922-7842
Phone from European support regions: +44 -1865-520-011
Phone from Australia +61 284 168 021

Media inquiries may be sent to pr (at) acquia.com, or call +1 781 238 8645

Online: Submit a ticket or post a forum question

Sign-up for our Developer Blog Newsletter

Thanks!

Add comment

By submitting this form, you accept the Mollom privacy policy.