Article ID: 123358, created on Oct 30, 2014, last review on Jun 17, 2016

  • Applies to:
  • Plesk


Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection.

You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.

Simply updating to Drupal 7.32 will not remove backdoors.


NOTE: It is strongly advised to change all the passwords for the application instance.

If you have a backup created before Oct 15th, 11pm UTC:

  1. Go to Websites & Domains > Backup Manager and restore virtual host content and database.

  2. Update the Drupal installation to version 7.32:

    a. If Drupal is installed as a Plesk application, go to Subscriptions > Applications > Manage My Applications and click the "Update available" button.

    Note: New version availability is checked by the Daily Maintenance script in Plesk. If you still do not see the "Update available" button, check that the Daily Maintenance script is working correctly.

    b. If Drupal was installed manually rather than through the Plesk application vault, follow the Drupal upgrade guide.

    Note: If you are unable to update to Drupal 7.32, you can apply this patch to Drupal's file to fix the vulnerability until you are able to upgrade completely to Drupal 7.32.

If you have no backup:

Follow the steps that are described in the "Recovery" section of the following Drupal site.
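The two branches above can be worked out per server with a short triage script. This is an added example, not part of the original article and not Plesk or Drupal code. It assumes Drupal 7 declares its version in `includes/bootstrap.inc`, that you supply backup times with an explicit timezone, and the function names and the `example.test` tree are hypothetical.

```python
import re
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Cutoff stated in the article: Oct 15th 2014, 11pm UTC.
CUTOFF = datetime(2014, 10, 15, 23, 0, tzinfo=timezone.utc)
# Drupal 7 declares its version in includes/bootstrap.inc.
VERSION_RE = re.compile(r"define\('VERSION',\s*'(7\.(\d+)([^']*))'\)")

def find_drupal7(root):
    """Yield (site_dir, version, needs_update) for each Drupal 7 tree under root."""
    for inc in sorted(Path(root).rglob("includes/bootstrap.inc")):
        m = VERSION_RE.search(inc.read_text(errors="replace"))
        if m:  # other major versions do not match and are skipped
            minor, suffix = int(m.group(2)), m.group(3)
            # Pre-release builds of 7.32 (e.g. "-dev") are treated as unpatched.
            yield inc.parent.parent, m.group(1), minor < 32 or (minor == 32 and bool(suffix))

def restore_point(backups):
    """Return the newest backup taken before CUTOFF, or None."""
    for b in backups:
        if b.tzinfo is None:  # server-local time can land on the wrong side of a UTC cutoff
            raise ValueError(f"backup time needs an explicit timezone: {b!r}")
    clean = [b for b in backups if b < CUTOFF]
    return max(clean) if clean else None

def plan(root, backups):
    """Map each site to the article's branch: restore and update, or recovery."""
    point = restore_point(backups)
    if point is not None:
        action = f"restore backup of {point.isoformat()}, then update to 7.32"
    else:
        action = "no backup from before the cutoff: follow the Drupal recovery steps"
    return {str(site): (ver, stale, action) for site, ver, stale in find_drupal7(root)}

if __name__ == "__main__":
    # Constructed sample: one vhost tree and two backup times in UTC+2.
    with tempfile.TemporaryDirectory() as root:
        inc = Path(root, "example.test", "httpdocs", "includes", "bootstrap.inc")
        inc.parent.mkdir(parents=True)
        inc.write_text("<?php\ndefine('VERSION', '7.31');\n")
        tz = timezone(timedelta(hours=2))
        backups = [datetime(2014, 10, 15, 3, 0, tzinfo=tz), datetime(2014, 10, 16, 0, 30, tzinfo=tz)]
        for site, info in plan(root, backups).items():
            print(site, info)
```

The version flag only tells you which sites still need the update; a site already showing 7.32 is not cleared by it, since updating does not remove backdoors.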
