Early today an anonymous user was able to modify the title and alt text fields attached to a file entity that was a link to a YouTube video. I cannot figure out which module allowed the intrusion, but suffice to say that only specific roles have permission to add/edit files, use the internet_sources, youtube, media, file_entity, and other modules that might be related to this breach.
The hack came from 5.188.211.11, a domain registered in St. Petersburg, Russia. The log entry follows:
Type file
Date Sunday, February 19, 2017 - 1:37am
User Guest
Location [homepage]
Referrer [path]/edit?destination=kc-home-page
Message Video: updated JimmiXzSw.
Severity notice
Hostname 5.188.211.11
I found some reports of hacks from this domain beginning in January.
Comments
Comment #2
cilefen commented: See https://www.drupal.org/node/101494