Hong Kong Drupal User Group
(HKDUG)
Fix Hacked Drupal with GIT
HKDUG Meetup
2018 May 12th
Edison Wong
●
2005 - Drupal Developer & Contributor
– https://drupal.org/user/33940
●
2008 - HKDUG Co-founder
– https://groups.drupal.org/drupalhk
●
2010 - CEO, PantaRei Design
– hswong3i@pantarei-design.com
PantaRei Design
●
Everything Changes and Nothing Remains Still
●
Reinvent Enterprise with Open Source Software and Cloud Computing
●
Hong Kong based FOSS service provider
– Content Management System (CMS) with Drupal
– Cloud Hosting Solution with Amazon Web Services (AWS)
– Team collaboration solution with Atlassian
●
Business Partner with industry leaders
– 2012, AWS Consulting Partner
– 2013, Acquia Partner
– 2013, Atlassian Experts
– 2014, Rackspace Hosting Partner
●
http://pantarei-design.com
Hong Kong Drupal User Group
●
The Hong Kong Drupal User Group is open to everyone with an
interest in Drupal and is a great opportunity to learn more
about what Drupal can do and what folks are building with it.
●
Drupal is a free software package that allows you to easily
organize, manage and publish your content, with an endless
variety of customization.
– Event organizing: http://www.meetup.com/drupalhk
– Technological discussion: https://groups.drupal.org/drupalhk
– Business connection: http://www.linkedin.com/groups/?gid=6644792
– General sharing: https://www.facebook.com/groups/drupalhk
Outline
●
Why Is Your Drupal Being Hacked?
●
What Happens If You Are Hacked?
●
How to Figure It Out?
●
What Do You Need to Fix It?
●
Fix a Hacked Drupal with GIT
Why Is Your Drupal Being Hacked?
●
Main Reason: No Maintenance and Upgrade
– All software has potential bugs or security issues
– All software needs regular maintenance and upgrades
●
e.g. your private car also needs annual maintenance
●
The Drupal security team announces security issues to the public once they are found, usually with patches
– BTW, both site owners and hackers can get this information
– So you need to upgrade your site before the hackers come
●
https://www.drupal.org/security
What Happens If You Are Hacked?
●
Today, you will usually notice your site becoming very slow, or even unresponsive
– Because hackers today usually use your hacked machine for Bitcoin mining
– This gives the hacker a direct benefit
– This will use up your CPU, memory, disk I/O and bandwidth
●
For sure, you may lose your data
– If your site holds valuable assets
– This gives the hacker an indirect benefit
– The hacker needs to find a way to utilize the hacked data
●
Sometimes, the hacker may redirect your users to somewhere else
– e.g. a password reset page, or an update payment method page, etc.
– Again, this gives the hacker an indirect benefit
How to Figure It Out?
●
Umm... If your site suddenly becomes unresponsive
●
Check your machine load
– e.g. `ps aux`, `htop`, `bmon`, etc.
– Try to kill any unexpected processes; sometimes they may automatically rerun again and again
●
Check your DocumentRoot structure
– Usually some unexpected files will appear
– Some hackers even write “Hacked by xxx” inside those files...
What Do You Need to Fix It?
●
Linux
– Here I use Ubuntu 18.04
●
Apache, PHP-FPM, MySQL
– The same as your production server setup
– https://symfony.com/doc/current/setup/web_server_configuration.html#using-mod-proxy-fcgi-with-apache-2-4
●
PHP-CLI with Composer
●
Drush
●
GIT
Fix a Hacked Drupal with GIT
●
Stop Public Access
●
Stop Illegal Process
●
Backup
●
Compare with GIT
●
Reduce Differences
●
Migrate Useful Files
●
Restore Database
●
Upgrade Legacy Core and Modules
Stop Public Access
●
Stop production server Apache
●
Set up the firewall to allow only your incoming SSH access
●
Also try to stop outgoing traffic if possible
Stop Illegal Process
●
Check with `htop`, `top` or `ps aux`
●
Figure out which processes cause the high load
●
If a process looks strange, try to find its location, read and understand it (by Googling)
●
Try to kill it
– Sometimes it may rerun, which means another background cronjob/daemon is running for it; you will need to kill those too
Backup
●
Backup both Drupal source code and
database
– Hopefully you also have regular backups
●
DON’T DIRECTLY FIX YOUR LIVE COPY
WITHOUT BACKUP!!
Compare with GIT
●
Figure out which version of Drupal you are using
●
Download a clean copy from drupal.org
●
Extract the clean source code
●
`git init && git add --all --force`
●
`git commit -am 'initial healthy drupal-7.5.4'`
●
Symlink the healthy .git folder into the hacked version
●
`git status`
– Now you can see which files were added/changed
●
`git diff -w -b -M HEAD`
– This shows you the differences
Reduce Differences
●
Some files may be missing from either version; copy back and forth to reduce the differences, e.g.
– CHANGELOG.txt, README.txt, etc.
– Your custom modules and themes
●
Sometimes you may need to recover from your healthy backup version too
●
Other modules may also need to be downloaded from drupal.org for comparison
●
Again, go to the healthy version and commit the changes, then diff from the hacked version again and again
Migrate Useful Files
●
Some files may not be related to code changes, e.g.
– sites/default/settings.php
– sites/default/files
●
Copy them from the hacked version to the healthy version
●
Remember to scan those folders for illegal *.php files and remove them, e.g.
– `find sites/default -type f -name '*.php'`
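The compare and scan steps above, run end to end on two small constructed trees. This is an added example, not part of the original slides; the directory names, file contents and the exclusion of settings.php/default.settings.php from the scan are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: diff a compromised tree against a clean baseline by
# borrowing the baseline's .git directory. All paths and file contents
# below are constructed for this demo.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
CLEAN="$WORK/clean"     # stands in for the extracted drupal.org tarball
HACKED="$WORK/hacked"   # stands in for a backup copy of the live DocumentRoot

build_demo_trees() {
  mkdir -p "$CLEAN/includes" "$CLEAN/sites/default"
  printf '<?php\n// front controller\n' > "$CLEAN/index.php"
  printf '<?php\nfunction demo() {}\n' > "$CLEAN/includes/common.inc"
  printf '<?php\n// template\n' > "$CLEAN/sites/default/default.settings.php"
  printf 'Drupal changelog\n' > "$CLEAN/CHANGELOG.txt"
  cp -R "$CLEAN" "$HACKED"
  # Constructed differences: one modified core file, one extra file,
  # one missing file, and a PHP file inside the upload directory.
  printf '// unexpected appended line\n' >> "$HACKED/includes/common.inc"
  printf '<?php // unexpected file\n' > "$HACKED/includes/cache-old.php"
  rm "$HACKED/CHANGELOG.txt"
  mkdir -p "$HACKED/sites/default/files/styles"
  printf 'fake image bytes\n' > "$HACKED/sites/default/files/logo.png"
  printf '<?php // not an upload\n' > "$HACKED/sites/default/files/styles/x.php"
}

commit_clean_baseline() {
  git -C "$CLEAN" init -q
  git -C "$CLEAN" add --all --force
  git -C "$CLEAN" -c user.name=ir -c user.email=ir@example.invalid \
      -c commit.gpgsign=false commit -q -m 'initial healthy baseline'
}

link_baseline_into_hacked() {
  # The symlink makes the hacked tree the work tree of the clean history.
  ln -s "$CLEAN/.git" "$HACKED/.git"
}

changed_files() {
  # Porcelain codes: ' M' modified, ' D' missing, '??' not in the baseline.
  git -C "$HACKED" status --porcelain --untracked-files=all
}

count_status() {
  # $1 is a two-character porcelain code such as ' M' or '??'.
  changed_files | grep -c "^$1" || true
}

show_diff() {
  # -w/-b hide whitespace-only edits, so treat `git status` as the
  # authoritative list and use this view only to read the changes.
  git --no-pager -C "$HACKED" diff -w -b -M HEAD -- "$1"
}

php_in_uploads() {
  # Same scan as on the slide, minus the two settings files that are
  # expected to live in sites/default (assumption for this demo).
  ( cd "$HACKED" && find sites/default -type f -name '*.php' \
      ! -name 'settings.php' ! -name 'default.settings.php' | sort )
}

build_demo_trees
commit_clean_baseline
link_baseline_into_hacked

echo "== git status: hacked tree vs. clean baseline =="
changed_files
echo "== PHP files under sites/default that need review =="
php_in_uploads
echo "== diff of the modified core file =="
show_diff includes/common.inc
```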
Restore Database
●
If everything looks good, you can now restore your database
●
Try to access the website; it should basically work now
Upgrade Legacy Core and Modules
●
Final step: upgrade all legacy core and modules to the latest stable versions
●
It's time to restore the healthy version to the production server
●
https://github.com/drustack/drustack-standard/blob/7.x/composer.json
Q&A
I Need More Help!
●
Read documents from Drupal Community
– https://drupal.org/documentation
●
Join Hong Kong Drupal User Group
– Event organizing: http://www.meetup.com/drupalhk
– Technological discussion: https://groups.drupal.org/drupalhk
– Business connection: http://www.linkedin.com/groups/?gid=6644792
– General sharing: https://www.facebook.com/groups/drupalhk
●
Contact us for one (1) month free-trial support service
– http://pantarei-design.com/services/support/#support-service-plans
Address: Unit 326, 3/F, Building 16W
No.16 Science Park West Avenue,
Hong Kong Science Park, Shatin, N.T.
– Phone: +852 3576 3812
– Fax: +852 3753 3663
– Email: sales@pantarei-design.com
– Web: http://pantarei-design.com
Contact us

DevEX - reference for building teams, processes, and platforms
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 

Fix Hacked Drupal with GIT

  • 1. Hong Kong Drupal User Group (HKDUG)
    Fix Hacked Drupal with GIT
    HKDUG Meetup, 2018 May 12th
  • 2. Edison Wong
    ● 2005 - Drupal Developer & Contributor
      – https://drupal.org/user/33940
    ● 2008 - HKDUG Co-founder
      – https://groups.drupal.org/drupalhk
    ● 2010 - CEO, PantaRei Design
      – hswong3i@pantarei-design.com
  • 4. PantaRei Design
    ● Everything Changes and Nothing Remains Still
    ● Reinvent Enterprise with Open Source Software and Cloud Computing
    ● Hong Kong based FOSS service provider
      – Content Management System (CMS) with Drupal
      – Cloud Hosting Solution with Amazon Web Services (AWS)
      – Team collaboration solution with Atlassian
    ● Business Partner with industry leaders
      – 2012, AWS Consulting Partner
      – 2013, Acquia Partner
      – 2013, Atlassian Experts
      – 2014, Rackspace Hosting Partner
    ● http://pantarei-design.com
  • 6. Hong Kong Drupal User Group
    ● The Hong Kong Drupal User Group is open to everyone with an interest in Drupal and is a great opportunity to learn more about what Drupal can do and what folks are building with it.
    ● Drupal is a free software package that allows you to easily organize, manage and publish your content, with an endless variety of customization.
      – Event organizing: http://www.meetup.com/drupalhk
      – Technological discussion: https://groups.drupal.org/drupalhk
      – Business connection: http://www.linkedin.com/groups/?gid=6644792
      – General sharing: https://www.facebook.com/groups/drupalhk
  • 14. Outline
    ● Why Your Drupal Being Hacked?
    ● What Happen If Being Hacked?
    ● How to Figure It Out?
    ● What You Need for Fixing It?
    ● Fix a Hacked Drupal with GIT
  • 15. Why Your Drupal Being Hacked?
    ● Main Reason: No Maintenance and Upgrade
      – All software has potential bugs or security issues
      – All software needs regular maintenance and upgrades
    ● e.g. your private car also needs annual maintenance
    ● The Drupal security team announces security issues to the public once they are found, usually with patches
      – BTW, both site owners and hackers can get this information
      – So you need to upgrade your site before the hackers come
    ● https://www.drupal.org/security
  • 16. What Happen If Being Hacked?
    ● Today, you will usually notice your site becoming very slow, or even unresponsive
      – Because today hackers usually use your hacked machine for Bitcoin mining
      – This gives the hacker a direct benefit
      – This will use up your CPU, memory, disk I/O and bandwidth
    ● For sure, you may lose your data
      – If your site holds valuable assets
      – This gives the hacker an indirect benefit
      – The hacker needs to find a way to utilize the hacked data
    ● Sometimes, the hacker may redirect your users to somewhere else
      – e.g. a password reset page, an update payment method page, etc.
      – Again, this gives the hacker an indirect benefit
  • 17. How to Figure It Out?
    ● Umm... If your site suddenly becomes unresponsive
    ● Check your machine load
      – e.g. `ps aux`, `htop`, `bmon`, etc.
      – Try to kill those unexpected processes; sometimes they may automatically rerun again and again
    ● Check your DocumentRoot structure
      – Usually some unexpected files will appear
      – Some hackers even write “Hacked by xxx” inside those files...
  • 18. What You Need for Fixing It?
    ● Linux
      – Here I use Ubuntu 18.04
    ● Apache, PHP-FPM, MySQL
      – The same as your production server setup
      – https://symfony.com/doc/current/setup/web_server_configuration.html#using-mod-proxy-fcgi-with-apache-2-4
    ● PHP-CLI with Composer
    ● Drush
    ● GIT
  • 20. Fix a Hacked Drupal with GIT
    ● Stop Public Access
    ● Stop Illegal Process
    ● Backup
    ● Compare with GIT
    ● Reduce Differences
    ● Migrate Useful Files
    ● Restore Database
    ● Upgrade Legacy Core and Modules
  • 21. Stop Public Access
    ● Stop Apache on the production server
    ● Set up the firewall to allow only your incoming SSH access
    ● Also try to stop outgoing traffic if possible
  • 22. Stop Illegal Process
    ● Check with `htop`, `top` or `ps aux`
    ● Identify the high-load processes
    ● If a process looks strange, try to find its location, read and understand it (by Googling)
    ● Try to kill it
      – Sometimes it may rerun, which means another background cron job/daemon is restarting it; you will need to kill those too
  • 23. Backup
    ● Back up both the Drupal source code and the database
      – Hopefully you also have regular backups
    ● DON’T DIRECTLY FIX YOUR LIVE COPY WITHOUT BACKUP!!
  • 24. Compare with GIT
    ● Figure out which version of Drupal you are using
    ● Download a clean copy from drupal.org
    ● Extract the clean source code
    ● `git init && git add --all --force`
    ● `git commit -am 'initial healthy drupal-7.5.4'`
    ● Symlink the healthy .git folder into the hacked version
    ● `git status`
      – Now you can see which files were added/changed
    ● `git diff -w -b -M HEAD`
      – This shows you the differences
  • 33. Reduce Differences
    ● Some files may be missing from either version; copy them back and forth to reduce the differences, e.g.
      – CHANGELOG.txt, README.txt, etc.
      – Your custom module and theme
    ● Sometimes you may need to recover from your healthy backup version too
    ● Other modules may also need to be downloaded from drupal.org for comparison
    ● Again, go to the healthy version and commit the changes, then diff against the hacked version again and again
  • 40. Migrate Useful Files
    ● Some files are not related to code changes, e.g.
      – sites/default/settings.php
      – sites/default/files
    ● Copy them from the hacked version to the healthy version
    ● Remember to scan those folders for illegal *.php files and remove them, e.g.
      – `find sites/default -type f -name '*.php'`
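
The compare, diff and scan steps from slides 24, 33 and 40, as an added example that is not part of the original deck. It runs against small constructed trees; the paths and function names are hypothetical, and `--git-dir`/`--work-tree` is used in place of the symlink so that nothing is written into the hacked copy.

```shell
#!/bin/sh
# Constructed demo: tiny stand-ins for a clean drupal.org tarball and a
# tampered DocumentRoot. All paths and function names are hypothetical.
demo=$(mktemp -d)
clean="$demo/clean"; hacked="$demo/hacked"

build_trees() {
  mkdir -p "$clean/includes" "$clean/sites/default"
  printf '<?php\n// bootstrap\n' > "$clean/index.php"
  printf '<?php\n// common\n'    > "$clean/includes/common.inc"
  printf 'Drupal changelog\n'    > "$clean/CHANGELOG.txt"
  cp -R "$clean" "$hacked"
  # Simulated tampering: a modified core file, a dropped file, a deleted
  # file, and a PHP file hiding in the upload directory.
  printf '// injected line (placeholder)\n' >> "$hacked/index.php"
  printf '<?php // placeholder\n' > "$hacked/includes/x.php"
  rm "$hacked/CHANGELOG.txt"
  mkdir -p "$hacked/sites/default/files"
  printf '<?php // placeholder\n' > "$hacked/sites/default/files/img.php"
}

baseline() {  # commit the clean copy as the known-good reference
  git -C "$clean" init -q
  git -C "$clean" add --all --force
  git -C "$clean" -c user.name=ir -c user.email=ir@example.invalid \
      commit -q -m 'initial healthy baseline'
}

# Same comparison as symlinking .git into the hacked tree, but nothing is
# written inside the hacked tree itself.
hgit() { git --git-dir="$clean/.git" --work-tree="$hacked" "$@"; }

changed_files() {  # one "XY path" line per file that differs from baseline
  hgit status --porcelain --untracked-files=all
}

stray_php() {  # PHP files under sites/default other than settings.php
  (cd "$hacked" && find sites/default -type f -name '*.php' \
      ! -name 'settings.php' | sort)
}

build_trees && baseline
changed_files                    # added / modified / deleted files
hgit diff -w -b -M HEAD --stat   # size of each change to tracked files
stray_php                        # candidates to inspect before migrating
```

In a real incident, `clean` would be the extracted drupal.org release and `hacked` a backup copy of the compromised DocumentRoot, not the live one.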
  • 41. Restore Database
    ● If everything looks good, you can now restore your database
    ● Try to access the website; it should basically work now
  • 44. Upgrade Legacy Core and Modules
    ● Final step: upgrade all legacy core and modules to the latest stable version
    ● It's time to restore the healthy version to the production server
    ● https://github.com/drustack/drustack-standard/blob/7.x/composer.json
  • 48. Q&A
  • 49. I Need More Help!
    ● Read documents from Drupal Community
      – https://drupal.org/documentation
    ● Join Hong Kong Drupal User Group
      – Event organizing: http://www.meetup.com/drupalhk
      – Technological discussion: https://groups.drupal.org/drupalhk
      – Business connection: http://www.linkedin.com/groups/?gid=6644792
      – General sharing: https://www.facebook.com/groups/drupalhk
    ● Contact us for one (1) month free-trial support service
      – http://pantarei-design.com/services/support/#support-service-plans
  • 50. Contact us
    Address: Unit 326, 3/F, Building 16W No.16 Science Park West Avenue, Hong Kong Science Park, Shatin, N.T.
      – Phone: +852 3576 3812
      – Fax: +852 3753 3663
      – Email: sales@pantarei-design.com
      – Web: http://pantarei-design.com