Drupal 7, Drupal Commerce, PHP, GoDaddy hosting

  • SHARE:

Secure and Serviceable

A sports tournament management company ran a registration and apparel store which had a security incident. The site was deployed with Drupal 7/Drupal Commerce, which at the time was vulnerable to a file upload injection attack. When the client attempted to restore the site from a backup using the GoDaddy hosted backup tools, the recovered site product management features were buggy and the theme was broken.

TechSlice was engaged to resolve the buggy issues and fix the broken theme. We identified that the recovery method in use had not only failed to restore fully site functionality, but that the vulnerable code path was still present, and the malicious code was still present in the recovered upload folder. After safely removing the malicious code and patching the vulnerability, we began resolving the broken Drupal 7 functions.

The Drupal plugins as recovered and the site database were out of sync, which required manual correction in the database. This state was also preventing image caching, which is why the theme was broken. Resolving these database issues and clearing all caches allowed the site to resume full functionality.

Finally, we resolved several issues with Drupal plugins which were using deprecated PHP code features, and cleaned up site logging to more accurately identify areas of concern.