Drupal SA-CORE-2012-003 quick fix

Drupal Recently Drupal released the new version (7.16) to fix a security issue that would allow an attacker to reinstall an existing Drupal site with an external database server and then execute custom PHP code, more information available here: http://drupal.org/node/1815912.

There are many way to prevent this instead of updating a Drupal installation (always recommended), probably the quickest is to deny access to the interested file with few lines for the .htaccess file:


<Files install.php>
  deny from all
  ErrorDocument 403 "Access denied."
</Files>

Enjoy!

Advertisements