Last night a major security flaw in both Drupal & Wordpress was uncovered. Without going into too much detail, it involves a vulnerabiilty that would allow an attacker to bring down an entire server in a matter of minutes. The attack has a similar effect to a Denial Of Service however it takes a different form, allowing the attacker to max out the server's resources by posting a small, cleverly crafted snippet of XML to the website's XML RPC interface (xmlrpc.php).
As a digital agency we use Drupal & Wordpress extensively. As such we take this kind of threat very seriously.
If you have a Drupal or Wordpress site hosted on one of our servers then do not worry - we are taking measures to ensure that these sites are not vulnerable.
Image courtesy of E.L.A
