Drupalgeddon 2.0 Affects YOU

It's important to understand... big or small, you are no exception to this exploit. If for no other reason, your site will be hacked to have a backdoor installed. You'd never even know about it until something very bad happens. You may find your private data (or even worse... your customers' data) posted somewhere on the public web. Your site may be used to launch attacks against other sites (e.g. DDOS). Your computer and/or server(s) may be taken over and used for their computing resources (e.g. cryptocurrency mining). You may find your site displaying offensive material. The list of really bad things goes on and on.

We can help  

Hosting Is Key

Why are Thinkbean clients already protected from this security vulnerability (as well as from Drupalgeddon 1.0) - even before it was made public knowledge? Because where and how your Drupal installation is hosted is one of the major factors in determining your vulnerability to this exploit. Thinkbean hosts its clients' sites only with the very few, very select, Drupal-centric hosting providers which have proven histories of proactively protecting Drupal sites from this and other major security vulnerabilities.

There are plenty of cheap hosting providers that offer "Drupal" hosting solutions. We've evaluated those solutions in practice and we would never trust a client's site to them. Our hosting solutions are specifically optimized for Drupal installations and absolutely customized to fit a particular client's requirements. Whether it's HIPAA compliance, e-commerce, 3D rendering, a combination of all three, etc., our clients pay only for what they need... and nothing they don't. Plus, they appreciate a single point-of-contact for their Drupal installation needs.
More about hosting

Would you like to never have to worry about Drupalgeddon 1.0, 2.0, etc. security issues again?

Let Thinkbean's genuine, certified Drupal experts safeguard your mission-critical Drupal site.

Protect My Site!

Security Update Timing Is Critical

If you are not on a protected platform (and there aren't many), it is critical developers perform the security updates within hours of their releases. Our security update process involves senior Drupal developers who thoroughly understand the current state of your website, the maintenance and update needs of your site relative to security concerns, and then implementing changes in a methodical process using a multi-tier release workflow, which minimizes downtime and ensures your live site is secure.

Not Just A Button-Push

You can't just push a button and - Presto! - the update is done. Most Drupal sites are built on Drupal for a reason... they are mission-critical applications with many moving parts and have, at least, some degree of customization. One little update could easily break (or take down) your site! Drupal site owners can't risk the "try it and see what happens" approach. Trust only your certified, expert Drupal developer to properly perform the updates required to keep your business' most important asset running smoothly.

Some Drupalgeddon 2.0 Bullets

Here are some of the major takeaways:

  • If your site was not updated by 04.11.18 (at the absolute latest), consider your site compromised. Restore it from a backup from 03.27.18.
  • If you don't have a backup, talk to a developer about your options.
  • Vulnerable sites will be hacked if for no other reason than for the hacker to obtain a vector.
  • Attempting to sanitize your site is resource-prohibitive (time, effort, money) and will not guarantee your site is secure.
  • DST risk score 25/25 - the highest possible urgency.
  • Bots attack any vulnerable site, regardless of “importance” or “size”.
  • The vulnerability is being actively exploited, at present (likely, millions of daily attempts).
  • ...and the list goes on. Read this blog post for full details.

Sadly, we often on-board new clients who are completely unaware they are hacked until we perform our site audit. The resultant exposure causes cascading effects which could be and should be avoided. Our objective and thorough auditing process ensures you'll never be one of those cases.

Don't Become A Casualty

It is difficult (in the extreme) to re-gain a customer's faith, once lost. Compromised sites which expose confidential data have a massive, up-hill battle to win back their customer base. Don't let it happen to you... especially because it doesn't have to if you employ an expert Drupal development company. Drupal-centric hosting with built-in immunity from Drupalgeddon 1.0, 2.0, etc. is not nearly as costly as you might imagine. Working with Thinkbean's team of enthusiastic, highly-dedicated and certified Drupal experts has myriad advantages. You focus on your business. Let us focus on your Drupal installation.

Thinkbean is the premier Drupal development agency in Boston. Our team of Drupal experts proactively monitors clients' sites, enabling businesses to focus on business - not on the security and integrity of their Drupal installations.

Recent Blogs

This article was written to help you feel comfortable in approaching and evaluating software agencies for your next web application project.

Websites are invaluable to your company’s image and, potentially, the entire business. Finding the right partner to help you conceive and build out your website can be daunting as there are major consequences for choosing the wrong one.

How can you tell a good agency from a less than stellar one? What exactly am I looking for? How do I explain what I want and/or need?

The internet is an amazing medium for building applications. Whether it’s a simple marketing site, or a sophisticated business solution… these applications are accessible on just about any device with an internet connection.

A Content Management System (CMS), like Drupal, is a popular choice as the foundation for many of these applications.