drupal加密

If you run a Drupal website without the latest security patches it’s time to update: hackers are using known exploits to install cryptojackers.

如果您在没有最新安全补丁的情况下运行Drupal网站，则该进行更新了：黑客正在使用已知的漏洞来安装cryptojacker。

The website for the San Diego Zoo was hijacking user CPUs to mine cryptocurrency last week. Security researcher Troy Mursch discovered this and 300 other websites—many run by government entities around the world—were highjacked to mine cryptocurrency. Here’s Mursch :

上周，圣地亚哥动物园的网站劫持了用户CPU来挖掘加密货币。 安全研究员Troy Mursch发现了这个问题，另外300个网站(许多由世界各地的政府机构运营)被劫持以开采加密货币。 这是Mursch ：

Yesterday, I was alerted to a cryptojacking campaign affecting the websites of the San Diego Zoo and the government of Chihuahua, Mexico. While these two sites have no relation to each other, they shared a common denominator—they both are using an outdated and vulnerable version of the Drupal content management system. After I analysed the IoCs, I was able to locate over 300 additional websites in this cryptojacking campaign. Many discovered were government and university sites from all over the world.

昨天，我收到了有关黑客攻击活动的警报，该活动影响了圣地亚哥动物园和墨西哥奇瓦瓦州政府的网站。 尽管这两个站点彼此没有关系，但是它们共享一个共同点-它们都使用了Drupal内容管理系统的过时且易受攻击的版本。 在分析了IoC之后，我能够在此加密劫持活动中找到300多个其他网站。 许多发现的是来自世界各地的政府和大学场所。

, which includes the US National Labor Relations Board, the City of Marion, Ohio, and the Turkish Revenue Administration. Even tech companies like Lenovo had this problem.

，其中包括美国国家劳动关系委员会，俄亥俄州马里恩市和土耳其税务局。 甚至像联想这样的科技公司也有这个问题。

Drupal is an open source content management system used by millions of websites. Many webmasters using the protocol aren’t quick when it comes to installing updates, often because of dependency conflicts. This means known exploits are left unpatched, leaving them vulnerable to this kind of code injection.

Drupal是数百万个网站使用的开源内容管理系统。 很多使用该协议的网站站长在安装更新时都不太快，通常是因为依赖冲突。 这意味着已知漏洞没有得到修补，因此容易受到这种代码注入的攻击。

Not a webmaster, but worried about this? Here’s . Google Chrome and other browser should really block this by default, but until they do you have to protect yourself.

不是网站管理员，但对此感到担心吗？ 以下是 。 默认情况下，谷歌浏览器和其他浏览器应该真正阻止此操作，但是在您这样做之前，您必须保护自己。

翻译自:

drupal加密