Anyone here on HP owns a Drupal site?

Jump to Last Post 1-4 of 4 discussions (9 posts)
  1. Cardisa profile image93
    Cardisaposted 5 years ago

    Have you built your site with Drupal and do you have frequent security issues?

  2. LoneWolfMuskoka profile image73
    LoneWolfMuskokaposted 5 years ago

    I have one site I built on Drupal. It is not as easy to maintain and keep up to date as WordPress and I plan to switch it at some point. I get tons of spam comments and signups, but haven't noticed any security problems at this point.

    1. Cardisa profile image93
      Cardisaposted 5 years agoin reply to this

      I had my site compromised recently and I have seen many people post the same issues in the forums. I think Joomla have better security.

      I blame myself because when I used the motion captcha it kept out the spammers but one of my friends said she was having difficulty signing up so I removed the captcha for a few hours and BAM! I was attacked.

      I am switching to Joomla.

  3. anusha15 profile image87
    anusha15posted 5 years ago

    I've a Drupal site too. Spam comments are an issue, but I don't let them get published without approval. And I do the clean up of approval queue once in a few days using SQL queries.

    There are no other security issues.

    By the way, spam comments are not a security issue of Drupal - one should start using Disqus for comments if they want authorised users to comment.

    One problem I've had with Drupal is that Open id does not work as you would expect it to. In which case, I would simply make comments only allowed by authorised users of the website itself, which I think woudl be quite effective in avoiding spam.

    1. Cardisa profile image93
      Cardisaposted 5 years agoin reply to this

      Anusha, I had a lapse in judgement. I allowed my users to post without approval and that's where the problem arose. It was just for a few hours that I removed the security feature to allow some who said she had problems signing up. Biggest mistake.

      1. anusha15 profile image87
        anusha15posted 5 years agoin reply to this

        Do you want some help? How many comments are there? I've to remove unpublished comments ranging from 60 -500 or even more if I haven't done the cleanup for some time. You can delete the published comments too - matter of a few minutes. Let me know if you want help. It's possible to do it from UI as well as command line (mysql queries).

        1. Cardisa profile image93
          Cardisaposted 5 years agoin reply to this

          It's not the comments. What happened was that I allowed members to place codes in their content, such as Adsense and Amazon. When I removed the captcha, they signed up and created content adding a code which would not allow me to remove their content, even though the permission is set that way.

          It's a lot of spam and porn content so I placed the site in maintenance mode in order to remove them but it's really taking a lot of technical work. I going to have to adjust the htaccess file but am considering switching to WP or Joomla.
          It also seems that it's affecting the function of the entire site as well.
          It's a creative writing site for poetry and short stories only.

  4. anusha15 profile image87
    anusha15posted 5 years ago


    I'm not a Drupal Pro but I think this should not be tough. You can ask someone on Drupal forum to confirm this, as well as get some step by step instructions.

    There are two "user" related tables in my Drupal 6.x database (might vary in your version).

    There is a field which says: "created". All you have to do is delete all the users from tables - users and and user_roles who were created in the duration when you faced the attack.

    Similarly, delete all the content - may be it will automatically get deleted if you delete users, I'm not sure - but a set of mysql queries would do your job. Consider taking help from Drupal forums.
    Hope this is helpful.

    Another thing, such stuff can occur in WP or Joomla too. Authorised users, who have permissions to post content, can break havoc on a website.


    1. Cardisa profile image93
      Cardisaposted 5 years agoin reply to this

      I tried that and it's the accounts just wont delete.

      If this was the only issue I had, I would probably spend the energy on it but Drupal has had a lot of issues and I need an application I can count on. I love using Drupal because it very easy to build with but I find them to be unstable. I find that Joomla is better.


This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

Show Details
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)