I've been having a lot of problems lately with WordPress sites getting hacked. So far no one has hacked any of my Drupal sites.
Every Drupal installation comes with a CHANGELOG.txt file in the root directory. It gives hackers a potential way to see what version of Drupal you're running. I recommend changing the name of CHANGELOG.txt to something that can't be guessed. Don't delete the file completely because it lets you know what version of Drupal you're running.
I think that CHANGELOG.txt should automatically be renamed by Drupal during installation, but it has already been discussed and the discussion has been closed. So for now the file has to be renamed manually.
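One way to do the manual rename from a shell, as an added example that is not from the original post or from Drupal itself. The function names and the `changelog-<hex>.txt` naming scheme are assumptions made here; the second function reads the version back from the renamed file, so you can still tell what you're running.

```shell
#!/bin/sh
# Added example: rename Drupal's CHANGELOG.txt to an unguessable name.
# hide_changelog, changelog_version and the "changelog-<hex>.txt" naming
# scheme are assumptions made for this example, not part of Drupal.

# hide_changelog DRUPAL_ROOT
# Renames DRUPAL_ROOT/CHANGELOG.txt and prints the new file name.
# Returns 1 if there is no CHANGELOG.txt to rename (e.g. already renamed).
hide_changelog() {
    root=$1
    src="$root/CHANGELOG.txt"

    if [ ! -f "$src" ]; then
        echo "no CHANGELOG.txt in $root" >&2
        return 1
    fi

    # 16 random bytes become 32 hex characters, far too many to find
    # by requesting candidate URLs one after another.
    token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    if [ "${#token}" -ne 32 ]; then
        echo "could not read random bytes" >&2
        return 1
    fi

    dest="changelog-$token.txt"
    mv -- "$src" "$root/$dest" || return 1
    printf '%s\n' "$dest"
}

# changelog_version FILE
# Prints the version from the first "Drupal x.y" heading in FILE,
# which is the newest release recorded in the changelog.
changelog_version() {
    sed -n 's/^Drupal \([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Run as: sh hide_changelog.sh /path/to/drupal
if [ "$#" -gt 0 ]; then
    hide_changelog "$1"
fi
```

A core upgrade that unpacks a new release archive brings CHANGELOG.txt back, so repeat the rename afterwards.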
It's also wise to make sure you're running the latest release of Drupal. You can sign up for Drupal security announcements. Drupal 5.10 was released today and I got an email from them right away.
If you find any security holes in Drupal, report them to the Drupal security team.