"My site has already been patched" in the Drupal FAQ (CVE-2014-3704) is not completely true

Hello

!!Very important!!

Please check this:
https://www.drupal.org/drupalsa05FAQ#comment-9306663

The FAQ on SA-CORE-2014-005 is not completely true:

My site has already been patched
We’ve seen many reports where people found that their site had already been patched even though nobody in charge of the site updated the site. This means that the site was compromised via a new entry or an updated entry in the menu_router table, which allowed the attacker to execute commands on the server to patch the site. At this point, the site has been compromised and should probably be taken offline while you assess what to do including forensic review; an audit of all files, code, users, permissions, roles, database content; complying with local regulations and standards including informing users and potentially law enforcement; and remediation or rebuilding the site.

BECAUSE:

I used Drupal 7.31 for my blog and it was never vulnerable to CVE-2014-3704.
At first I thought my blog had been compromised by hackers, as you said in the FAQ, but I was wrong, just like you! [You will be vulnerable if you do not update.]
I have checked everything [files + database] and I found nothing, because this is about which template you use!
Set the Fresh theme on a vulnerable site to understand what I mean.
Result: "Not vulnerable" doesn't mean your blog has been compromised by hackers…
So please correct your post!