Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By drupalquestion on
We’re rebuilding a site based on the recent Drupal security announcement found at https://www.drupal.org/PSA-2014-003.
I’m curious whether the community has any opinion of the process we plan to use.
The plan is as follows:
- Restore a backup from before the vulnerability was announced
- Update Drupal core and patch this pre-vulnerability backup
- Get this backup up-to-date by exporting the newest content from the live site using this module: https://www.drupal.org/project/node_export
- Search for scripts in the export
- Review all scripts for malicious code
- Import this export from the live site to the backup site
I'm wondering if the community thinks this looks like a reasonable and proper approach.
Comments
That sounds okay to me. I
That sounds okay to me. I would probably follow a similar process. Additionally, I would make sure none of the nodes I'm exporting to the "clean" database use the PHP filter. In fact, on the restored website, I would disable the PHP module all together (if this is feasible).
I recommend using the module Security Review (https://www.drupal.org/project/security_review) to quickly check which nodes use the PHP filter. It also gives a nice audit on other potential security issues on your site.
Also, the module Hacked! (https://www.drupal.org/project/hacked) is great for checking if any of your code has been tampered with.