Drupal Check: The EngineHack

Drupal Check: The EngineHack

It's a lousy name, but the hack is real. Somewhere around DrupalGheddon (SA-CORE-2014-005), a lot of Drupal installations got hacked. This particular hack remains hidden and doesn't stand out. But it's a timebomb, waiting to go of and wreck havoc.

If your site was hacked, the hack will secretly advertise the purchase of drugs and will alter your SEO results to achieve its goal. You can quickly check your Drupal installation using the tool below.

Scan your site

Enter your site's URL and let this tool scan for evidence of the hack.

The Hack

This hack infects Drupal Core, Farbtastic and numerous other files. It gets included in Drupal's Bootstrap, and is executed on every run.

>> Read more

Checking your site

This site allows you to enter your website's URL and have it crawl the homepage, attempting to find evidence of the hack. There's no guarantee that we can find it, but there are enough fingerprints that we can make an educated guess.

>> Read more

Detecting the hack

One specific part of its signature, is the usage of cookies named engine_ssl_ and engine_ssid_. On top of that, the hack only shows when a site is browsed/crawled with the GoogleBot User Agent.

>> Read more