The Importance of Patching

Threat

A month or so ago I wrote about the importance of patching your content management system and the advantage we believe exists with Open Source content management systems versus those offered by proprietary systems.

At the time of writing I had no idea of the relevance it had with an issue identified within the Drupal Content Management system. On the 15th October 2014 the Drupal security team released a security patch for a fairly serious vulnerability they had identified, details available here: https://www.drupal.org/SA-CORE-2014-005

The threat allowed a hacker to take control of a Drupal website and potentially access content and utilise functionality that exists on the site for their own purposes.

The notification itself has caused considerable discussion within the Drupal community, as not only did it alert webmasters, site administrators and developers to the need to patch, it also alerted would-be hackers to the potential vulnerability. As a result there was a 7-hour window established within which a Drupal site had to be patched before it was fairly certain it had been hacked. For many this window was too short, and as a result further remedial effort was required to ensure the integrity of the Drupal website.

At Koda we managed to patch all sites in our care within this window; unfortunately, not everyone was able to do so.

Concerns

One of the chief concerns raised was that by sending the security notification it alerted hackers to the vulnerability. I don't believe there was any choice. The issue was found by the team, a patch developed and the communication sent. If they hadn't found it and notified us, it could have been exploited by a hacker without us being aware. I believe the real issue the event has raised is the need to partner with a developer and hosting company that can proactively monitor the security patches released by the Drupal team and ensure the sites in their care are regularly patched.

The Drupal security team have an alerting service available; you just need to register on the www.drupal.com website and subscribe to the security notifications.

This is a great example of the benefit of using an open source content management system for your website that has a large community of developers supporting it and a dedicated security team reviewing it 24x7. Drupal has a large dedicated team of contributors, and we all work actively to ensure the platform remains as stable as possible.

I'm not sure how easily an issue such as this would have been identified and resolved on a proprietary content management system, where financially and logistically it is not viable to proactively review code within the application.  

Summary

What it does reinforce, however, is that once your website is built there is still an ongoing requirement to proactively assess the state of the environment, apply updates as required, and definitely to apply security patches as they become available.

To find out more about the Koda support offering, check out our Drupal support page, or contact us and a member of our team will be happy to discuss support options.
