[oplinwebkits] URGENT: Read carefully, please
Laura Solomon
laura at oplin.org
Thu Oct 30 13:38:08 EDT 2014
Hello again,
While there is no immediate sign of compromise, OPLIN is following Drupal's directives and rolling all of the Website Kits back to their prior states ( October 15th at midnight, which pre-dates the security vulnerability). We will be doing this sometime next week, and as soon as we have a concrete date, we will let you know. The rollback will not require any downtime; your site will still be available throughout.
Meanwhile:
1. If you have not already, b e sure to make copies, ASAP , of all content you added to your site after midnight, October 15th . We are attaching instructions to help you find which content that might be, if you're not sure. Please note that there are separate instructions for Drupal 6 and Drupal 7. If you're not sure which you have: is there a black bar across the top, when you login to administer your site? That's Drupal 7. No bar? That's Drupal 6.
2. If you truly need to make changes to your website between now and the coming rollback, you can do so. We strongly recommend that you make them minimal, and remember, you'll need to re-create these as well, after the rollback.
Thank you for all of your patience, as we work through trying to make sure that everything is protected.
Laura
--
Laura Solomon, MCIW, MLS
Library Services Manager , Ohio Public Library Information Network (OPLIN)
(614) 728-5252 (voice) | (614) 728-5256 (fax)
laura at oplin.org | http://www.oplin.org/
----- Original Message -----
From: "Laura Solomon" <laura at oplin.org>
To: "List Serv Redirect" <oplinwebkits at oplin.org>
Sent: Thursday, October 30, 2014 9:21:07 AM
Subject: URGENT: Read carefully, please
Hello,
Last night , Drupal (the system that runs the Website Kit websites) announced that a critical security vulnerability, that we did patch earlier this month, may still have affected Drupal webservers and/or websites. We are currently working on diagnosing any potential issues, and we (thankfully) have the ability to roll things back prior to the flaw (prior to October 15th ). It is likely that we will need to do a restore from that time. Please do the following, immediately:
1) Please cease ALL updating or changing of your library's website.
2) If you have added new content since the 15th, please make copies of it so that you can easily re-create it, if necessary.
If it turns out that we indeed need to restore your website to its October 15 version, we will notify you and let you know when you can begin the process of re-creating the website changes you made as of October 15.
We realize this is very inconvenient; unfortunately, this problem is affecting nearly all Drupal websites, not just OPLIN's, and many of them will have no recourse but to rebuild their entire websites from scratch because they do not have adequate backups. OPLIN has pre-vulnerability backups, so that our sites will not have to be rebuilt from the ground up.
We will keep you updated as we know more, and thank you for your patience as we work to keep your sites as safe as possible.
Laura
--
Laura Solomon, MCIW, MLS
Library Services Manager , Ohio Public Library Information Network (OPLIN)
(614) 728-5252 (voice) | (614) 728-5256 (fax)
laura at oplin.org | http://www.oplin.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplinwebkits/attachments/20141030/0aaad488/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Checking for new content and changes D7.doc
Type: application/msword
Size: 1268224 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplinwebkits/attachments/20141030/0aaad488/attachment-0006.doc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Checking for new content and changes D6.doc
Type: application/msword
Size: 404992 bytes
Desc: not available
URL: <http://lists.oplin.org/pipermail/oplinwebkits/attachments/20141030/0aaad488/attachment-0007.doc>
More information about the oplinwebkits
mailing list