A hacked neglected site, Pantheon migration, and why you need a Drupal Site Assessment


We recently had a new client contact us and ask if we could move their sites over to Pantheon so they could do some in-house development work. Of course we can do that for you! We recommended doing a Site Assessment for them, just to make sure we know what we're dealing with. Our Site Assessment gives us a good understanding of the state of a client's current site.

It is not only in Freelock's best interest, but the client's as well, to know what we're getting into before we can even set reasonable expectations of what it will take to change. So, we typically start out with the assessment and review before doing any work on a new site.

But our client was hesitant to purchase the Site Assessment, which would have been not only helpful for their IT staff, but also extremely beneficial to their upper management. So we began the site migration flying blind. We then ran into so many critical problems that we were surprised their website had been so neglected in the first place!

It turns out that our client's site had been hacked. While the October 2014 "Drupalgeddon" Drupal core security patch had been applied, we found malicious code embedded in Drupal core. This underscores the importance of regular site maintenance, which Freelock offers to over 30 of our clients.

It also turns out that we were not dealing with one "domain access" site as we had been told, but really 3 "multi-sites" under a single shared code base, a configuration Pantheon explicitly does not support. So, in addition to finding malicious code on all of their sites, we found that the project involved not setting up 2 sites in Pantheon, but 4!

We ended up cleaning the core hacks we found... but at this point we still don't know if the hacker left any back doors on our client's sites that might allow them future access. We stressed the importance of analyzing all of their sites, so that we could tell them, with any confidence, whether they are still vulnerable or not. Unfortunately, we still have not heard back....

With a site assessment we dig deep into the site to detect whether or not it has been hacked, including scanning the database for executable code, comparing all module code against known good copies, and evaluating whether the environment is set up to properly withstand attacks.
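The "comparing all module code against known good copies" step can be sketched as a hash comparison between a pristine copy of the code and the deployed tree. This is an added example, not Freelock's own tooling; the function names and the sample file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_tree(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_trees(known_good, deployed):
    """Classify differences between a known-good code tree and the deployed one."""
    good, live = hash_tree(known_good), hash_tree(deployed)
    return {
        # Same path, different contents: edited core or module code.
        "modified": sorted(p for p in good.keys() & live.keys() if good[p] != live[p]),
        # Present only on the live site: where a leftover back door would show up.
        "added": sorted(live.keys() - good.keys()),
        # Shipped upstream but absent from the live site.
        "missing": sorted(good.keys() - live.keys()),
    }

def build_sample(root, files):
    """Write a constructed sample tree to disk (hypothetical helper for the demo)."""
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

def demo():
    # Constructed sample data: three files standing in for a pristine download.
    pristine = {"includes/bootstrap.inc": "<?php // core bootstrap\n",
                "modules/node/node.module": "<?php // node module\n",
                "CHANGELOG.txt": "constructed changelog\n"}
    deployed = dict(pristine)
    deployed["includes/bootstrap.inc"] += "// constructed stand-in for injected code\n"
    deployed["modules/node/cache.php"] = "<?php // constructed unexpected file\n"
    del deployed["CHANGELOG.txt"]
    with tempfile.TemporaryDirectory() as good_dir, tempfile.TemporaryDirectory() as live_dir:
        build_sample(good_dir, pristine)
        build_sample(live_dir, deployed)
        return compare_trees(good_dir, live_dir)

if __name__ == "__main__":
    for kind, paths in demo().items():
        for path in paths:
            print(f"{kind:9} {path}")
```

On a real site, `known_good` would be a fresh download of the exact core and module versions the site runs, and anything reported as modified or added is then reviewed by hand.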

We see this time and time again. A client comes to us either in an emergency, or wanting some specific one-off job done (which we love taking care of!!), but they don't want to put the time in to investigate the root cause of the problems with their site, or use the budget to apply permanent fixes for those problems. Having a good understanding of the current state of your site, and mitigating those risks ahead of time, will save a lot of time and energy in the long run for clients whose websites are their lifeblood.

We've found that some of our most successful clients know exactly what is under the hood of their websites, engage development personnel often, keep their websites up-to-date, and constantly reinvest a percentage of their website revenue (generally 1-10%) to keep their site fresh and responsive. Sometimes this takes in-house personnel who are exceptional at development, or in our case, creating a long-term partnership with us to help you achieve your business goals through building and refining your website presence. We encourage you to contact us and build a long-term partnership to help you realize your website's potential!
