jump to last post 1-4 of 4 discussions (9 posts)

Anyone here on HP owns a Drupal site?

  1. Cardisa profile image91
    Cardisaposted 3 years ago

    Have you built your site with Drupal and do you have frequent security issues?

  2. LoneWolfMuskoka profile image79
    LoneWolfMuskokaposted 3 years ago

    I have one site I built on Drupal. It is not as easy to maintain and keep up to date as WordPress and I plan to switch it at some point. I get tons of spam comments and signups, but haven't noticed any security problems at this point.

    1. Cardisa profile image91
      Cardisaposted 3 years ago in reply to this

      I had my site compromised recently and I have seen many people post the same issues in the forums. I think Joomla have better security.

      I blame myself because when I used the motion captcha it kept out the spammers but one of my friends said she was having difficulty signing up so I removed the captcha for a few hours and BAM! I was attacked.

      I am switching to Joomla.

  3. anusha15 profile image84
    anusha15posted 3 years ago

    I've a Drupal site too. Spam comments are an issue, but I don't let them get published without approval. And I do the clean up of approval queue once in a few days using SQL queries.

    There are no other security issues.

    By the way, spam comments are not a security issue of Drupal - one should start using Disqus for comments if they want authorised users to comment.

    One problem I've had with Drupal is that Open id does not work as you would expect it to. In which case, I would simply make comments only allowed by authorised users of the website itself, which I think woudl be quite effective in avoiding spam.

    1. Cardisa profile image91
      Cardisaposted 3 years ago in reply to this

      Anusha, I had a lapse in judgement. I allowed my users to post without approval and that's where the problem arose. It was just for a few hours that I removed the security feature to allow some who said she had problems signing up. Biggest mistake.

      1. anusha15 profile image84
        anusha15posted 3 years ago in reply to this

        Do you want some help? How many comments are there? I've to remove unpublished comments ranging from 60 -500 or even more if I haven't done the cleanup for some time. You can delete the published comments too - matter of a few minutes. Let me know if you want help. It's possible to do it from UI as well as command line (mysql queries).

        1. Cardisa profile image91
          Cardisaposted 3 years ago in reply to this

          It's not the comments. What happened was that I allowed members to place codes in their content, such as Adsense and Amazon. When I removed the captcha, they signed up and created content adding a code which would not allow me to remove their content, even though the permission is set that way.

          It's a lot of spam and porn content so I placed the site in maintenance mode in order to remove them but it's really taking a lot of technical work. I going to have to adjust the htaccess file but am considering switching to WP or Joomla.
          It also seems that it's affecting the function of the entire site as well.
          It's a creative writing site for poetry and short stories only.

  4. anusha15 profile image84
    anusha15posted 3 years ago


    I'm not a Drupal Pro but I think this should not be tough. You can ask someone on Drupal forum to confirm this, as well as get some step by step instructions.

    There are two "user" related tables in my Drupal 6.x database (might vary in your version).

    There is a field which says: "created". All you have to do is delete all the users from tables - users and and user_roles who were created in the duration when you faced the attack.

    Similarly, delete all the content - may be it will automatically get deleted if you delete users, I'm not sure - but a set of mysql queries would do your job. Consider taking help from Drupal forums.
    Hope this is helpful.

    Another thing, such stuff can occur in WP or Joomla too. Authorised users, who have permissions to post content, can break havoc on a website.


    1. Cardisa profile image91
      Cardisaposted 3 years ago in reply to this

      I tried that and it's the accounts just wont delete.

      If this was the only issue I had, I would probably spend the energy on it but Drupal has had a lot of issues and I need an application I can count on. I love using Drupal because it very easy to build with but I find them to be unstable. I find that Joomla is better.