Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: open
...hundreds of compromised Drupal sites being used to host "cryptojacking" malware that uses the CPUs of visitors to mine cryptocurrency via CoinHive.
A complex Drupal site can be quite fragile in my experience. It absolutely needs to be updated on a dev platform, pushed to test where the current live data is uploaded, tested, then pushed live.
I did not think D8 was so fragile.
I have known people in D6 that almost never updated their sites, spam-tastic, and never got hacked.
The problem with any software that has a public-facing website is that the reprobates can scan at their leisure to see what tech you're running and create a database of all sites running Drupal or Wordpress,..
I have known people in D6 that almost never updated their sites, spam-tastic, and never got hacked. Are you saying that Drupal is not the rock solid CMS I thought it is/was? It only accounts for, what, 2% of web sites?
since then I've been distant from Drupal. I don't know how many here are aware of the details, but Drupal 8 is a totally diff animal, so in terms of Drupal history I would wonder how the guys from Backdrop are doing.
Ergophone: That's just a huge hurdleabsolutely, and thanks for that detailed report - comment, appreciated. I had a few discussions with some people about this, they love the "new thing" and say drush, brush, cush, and whateverush 2.045.12 bring more stability and the safety we could only hope for on [insert-another-weird-name-here].
Before we dive in, though, you may be asking yourself, “Why Composer? Can’t I just download Drupal and the modules I need without requiring another tool?” Yes you can, but you will quickly realize it’s not a simple task:
1. Contributed modules or themes often depend on third-party libraries installed via Composer. Without using Composer for the project, you’ll need to manage these individually when downloading, which can be quite a chore.
2. Some packages and modules only work with certain versions of PHP or Drupal. While Drupal core does help you identify these issues for modules and themes, it’s still a manual process that you’ll need to work through when choosing which versions to download.
3. Some packages and modules conflict with other packages. You’ll need to read the composer.json files to find out which.
4. When you upgrade a package or a version of PHP, you’ll need to do all the above over again.
5. If you’re thinking you’ll use drush dl and friends, they’ve been removed in favor of Composer.
[edited by: ergophobe at 5:10 pm (utc) on May 21, 2018]
People who are used to doing module upgrades with Drush, should notice that in Drush 9 (the current version) all the up commands - pm-update, pm-updatecode and pm-updatestatus - are deprecated. You have to use the corresponding Composer commands.
ergophone: That sums up the situation currently.
joined:Dec 10, 2005