Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Experimental project
This is a sandbox project, which contains experimental code for developer use only.
This sandbox module provides simple and fast check for Drupageddon exploits seen in the wild for administrators without Drush. It is based on drupalgeddon-7.x-1.x-dev code (https://www.drupal.org/project/drupalgeddon), which has been modified for using without Drush.
There are many hacked websites on shared webhosting and managed VPS, where administrators have only FTP access. They can not use Drush. I personally have only FTP access to my sites, so I prepared emergency help module for people like me. I hope it helps.
Module tests:
- menu_router table
- user names
- roles
- Drupal core 7.32 unknown php file names - searching for all extra php files (sites/* folders are not tested!)
Usage:
- Download form git:
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/martin_klima/test_drupageddon.git test_drupageddon
cd test_drupageddon- enable module
- see test result at http://example.com/admin/config/development/test_drupageddon
Recomendation:
- Check contents of all *.php files for strings "eval(" and "@$_COOKIE[" via FTP client in folders sites/* and sites/*/files.
Project information
- Module categories: Security
- Created by martin_klima on , updated
