Drupalgeddon2 CVE-2018-7600 Patch Fix

Posted Under: Drupal, Fix, Security, Tutorials on Apr 23, 2018
The Drupalgeddon2 RCE vulnerability can fully compromise a Drupal instance running version 7.x or 8.x. It allows an attacker to execute arbitrary code on the victim machine without authorization.

Update Firewall Rules

First, update your firewall rules. The mod_security rules below provide protection against Drupalgeddon2.
# SPECIFIC: Block #submit #validate #process #pre_render #post_render #element_validate #after_build #value_callback #access_callback #lazy_builder parameters
# The first rule starts the chain when the request carries at least one argument or cookie name;
# the second rule matches those names against the render-array keys. The literal "[" is escaped so the regex compiles.
SecRule &ARGS_NAMES|&REQUEST_COOKIES_NAMES "@gt 0" "phase:2,log,chain,id:3295,t:none,block"
SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process|access_callback|lazy_builder)|\[#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process|access_callback|lazy_builder)" "t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:cmdLine,t:removeWhitespace"

Update .htaccess Rules

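Put the following in your .htaccess file for instant protection.
# Place this block above Drupal's own rewrite rules so it is evaluated first.
# The conditions match the #value form paths in the query string, URL-encoded (%23) or literal (#).
# The F flag denies the matching request with 403 Forbidden.
RewriteEngine On
RewriteCond %{QUERY_STRING} account/mail/%23value [NC,OR]
RewriteCond %{QUERY_STRING} account/mail/#value [NC,OR]
RewriteCond %{QUERY_STRING} timezone/timezone/%23value [NC,OR]
RewriteCond %{QUERY_STRING} timezone/timezone/#value [NC]
RewriteRule .* - [F]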
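
To check whether requests matching the mod_security rule and the .htaccess conditions above already reached the site, the following added example (not part of the original post) scans access-log lines for the same patterns. The log lines, the /form path and the parameter names field and p are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Render-array property names copied from the mod_security rule above.
PROPS = ("submit|validate|pre_render|post_render|element_validate|"
         "after_build|value_callback|process|access_callback|lazy_builder")
KEY_RE = re.compile(r"#(?:%s)" % PROPS, re.I)
# Query-string paths copied from the .htaccess conditions above.
PATH_RE = re.compile(r"(?:account/mail|timezone/timezone)/#value", re.I)
# Request target inside a combined-format access log line.
REQ_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, not real traffic
    '203.0.113.5 - - [20/Apr/2018:10:00:01 +0000] "GET /node/1?page=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Apr/2018:10:00:07 +0000] "POST /form?field[%23post_render][]=x HTTP/1.1" 200 310',
    '203.0.113.9 - - [20/Apr/2018:10:00:09 +0000] "POST /form?p=account/mail/%2523value HTTP/1.1" 200 97',
]


def decode(s, rounds=3):
    """URL-decode repeatedly so that %23 and double-encoded %2523 both become '#'."""
    for _ in range(rounds):
        nxt = unquote(s.replace("+", " "))
        if nxt == s:
            break
        s = nxt
    return s


def check_line(line):
    """Return the reasons a log line is suspicious (empty list if clean)."""
    m = REQ_RE.search(line)
    if not m:
        return []
    # Split on the first '?' by hand: a raw '#' must stay part of the query.
    query = m.group(1).partition("?")[2]
    reasons = []
    for pair in query.split("&"):
        if KEY_RE.search(decode(pair.partition("=")[0])):
            reasons.append("render-array key in parameter name")
        if PATH_RE.search(decode(pair)):
            reasons.append("#value path in query string")
    return reasons


def scan(lines):
    """Return (line number, reasons) for every suspicious line."""
    return [(i, r) for i, ln in enumerate(lines, 1) if (r := check_line(ln))]


if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE_LOG):
        print(lineno, "; ".join(reasons))
```

Access logs record only the query string, so parameter names sent in a POST body are not visible to this check; the mod_security rule inspects those at request time.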

Update Drupal installation

It is recommended that you update your Drupal installation as soon as possible.
If you are running 7.x, upgrade to Drupal 7.58. If you are running 8.5.x, upgrade to Drupal 8.5.1.