While Acquia does actively monitor global cyber threats and takes appropriate action as needed, we also strongly recommend performing the following actions, especially in the presence of en elevated security threat:
Check for available updates under the Drupal admin console, or by using drush or composer.
Perform a user audit
Ensure permissions are restricted and implemented correctly
Remove any old or unneeded admin or privileged accounts
If a breach has occurred or internal threat, an attacker or internal threat may have added user(s) to retain access.
Check for any new or unexpected user accounts
Password Checks
Bad passwords are the most common cause of site compromise.
Ensure strong password requirements are enforced. A community contributed module that offers this functionality is Password Policy.
Perform a check for bad passwords. A community contributed module that offers this functionality is Drop the Ripper
2-Factor Authentication
Enforce 2-factor authentication (especially for admin and/or privileged accounts) to mitigate the threat of compromised passwords.
Review Site Functionality
Check that file uploads are restricted to intended file extension type (e.g. Do not allow .html uploads for an image)
Ensure any sensitive data files are uploaded to secure directories only (e.g. Do not place personal data ( PII ) such as CVs or job applications in public 'files' directories)
Review controls on web forms
Attackers will often target forms that generate outbound emails ( e.g. "refer a friend" or "contact-us" )
Try to keep messages generated from forms generic
Ensure CAPTCHA controls are used to prevent abuse
Web Application Firewall ( WAF )
If a WAF is not already in place, Acquia strongly recommend implementing one.
Edge Protect provides advanced security controls to restrict and block attacker traffic before it reaches the application stack. Common attack methods are identified and blocked automatically. WAFs are extremely effective in mitigating (D)DOS attacks.
Cloud Platform