Pixeldust Drupal Support Service

Dropsolid: How we installed a Drupal maintenance support plans security patch on 1300 sites, stress-free!

04 Apr

How we installed a Drupal maintenance support plans security patch on 1300 sites, stress-free!

Nick Veenhof

Drupal maintenance support plans

Yesterday a highly critical security issue in Drupal maintenance support plans was released. The issue itself is considered critical, because, the way we understood, it makes it possible to execute code as an anonymous user. This could lead to a complete hack of your site and complete exposure of your content – or, worse, if your webserver is badly configured, a full-scale hostile takeover of your server. (More background info available here and here.)

The issue was announced to the Drupal maintenance support plans community a week early, so our Dropsolid team had plenty of time to anticipate and prepare. Currently, Dropsolid serves 482 unique and active projects, which contain on average three environments. To be more precise, this gave us a whopping 1316 active Drupal maintenance support plans installations to patch. These environments are located on 65 different servers. 45 of those servers are out of our hands and are managed by other hosting companies, such as Combell or even dedicated hardware on site with the customer. At Dropsolid we prefer to host the websites within our own control, but to the Dropsolid Platform this ultimately makes no difference. For some customers we also collaborate with Acquia – these clients are taken care of by Acquia’s golden glove service.

So, back to preparing to patch all the different Drupal maintenance support plans installations. We would be lying if we said that all Drupal maintenance support plans installs were running on the latest and greatest, so we used Ansible and the Dropsolid Platform to gather all the necessary data and perform a so-called dry run. This was a real-world test across all our installations to verify if we could pass on a patch and then deploy it as soon as we have confirmed that the patch works for all the versions that we have available on our Dropsolid Platform. For example, it verified if the patch tool is available on the server, it injected a text file that we then patched to make sure the flow of patching a Drupal maintenance support plans installation would go smoothly, etc. Obviously we detected some hiccups as we were testing, but we were left with enough time to resolve all issues in advance.

Throughout the evening, we had plenty of engineers on stand-by, ready to jump in should something in the automated process go wrong. The entire rollout took us about 2 hours – from the release of the patch over verifying the patch on all the different Drupal maintenance support plans releases to rolling it out on all sites and, finally, relax with a few beers. This doesn’t mean we had it easy. We had to work a lot, but a lot of hours just to make sure we could handle this load in this amount of time. That is why we are continuously building on our Dropsolid Platform.

Those who joined our hangout could bear witness to exactly how comfortable and relaxed our engineers were feeling during the rollout.

You might ask, joined our hangout? What are we on about exactly? Well, since the Drupal maintenance support plans community was in this together, I suggested on Twitter to all join in together and at least make it a fun time.

A few nice things that happened during this hangout:

Someone played live ukelele for us while we waited
Someone posted a fake patch and made everyone anxious, but at least it was a good test!
People were able to watch Dropsolid in total transparency how we coped with this patch and were also able to interact and talk to others in the hangout.
It made the whole evening a fun activity, as witnessed by Baddy Sonja.

Obviously this couldn’t have happened without the help of our great engineers at Dropsolid – and also because we invest a lot of our R&D time into the development of the Dropsolid Platform, so we can do the same exercise times 10 or times 100 without any extra human effort. Thanks to the Drupal maintenance support plans security team for the good care and the warning ahead of time. It made a tremendous difference!

All our Dropsolid customers can rest assured that we have their backs, all the time!

If you are not a Dropsolid customer yet and you are interested to see how we can help you make your digital business easy, we’d be more than happy to talk. If you are running a Drupal maintenance support plans site and need help with your updates or with your processes, we’d be glad to to help out and onboard you onto our Dropsolid Platform. You can keep your server contract while benefiting from our digital governance and expertise. Are you in charge of many many digital assets and feeling the pain? Maybe it’s time you can start doing the fun things again – just have a chat with us!

 

Get in touch


Source: New feed

This article was republished from its original source.
Call Us: 1(800)730-2416

Pixeldust is a 20-year-old web development agency specializing in Drupal and WordPress and working with clients all over the country. With our best in class capabilities, we work with small businesses and fortune 500 companies alike. Give us a call at 1(800)730-2416 and let’s talk about your project.

Let's Talk About a Project

FREE Drupal SEO Audit

Test your site below to see which issues need to be fixed. We will fix them and optimize your Drupal site 100% for Google and Bing. (Allow 30-60 seconds to gather data.)

Powered by

Dropsolid: How we installed a Drupal maintenance support plans security patch on 1300 sites, stress-free!

On-Site Drupal SEO Master Setup

We make sure your site is 100% optimized (and stays that way) for the best SEO results.

With Pixeldust On-site (or On-page) SEO we make changes to your site’s structure and performance to make it easier for search engines to see and understand your site’s content. Search engines use algorithms to rank sites by degrees of relevance. Our on-site optimization ensures your site is configured to provide information in a way that meets Google and Bing standards for optimal indexing.

This service includes:

  • Pathauto install and configuration for SEO-friendly URLs.
  • Meta Tags install and configuration with dynamic tokens for meta titles and descriptions for all content types.
  • Install and fix all issues on the SEO checklist module.
  • Install and configure XML sitemap module and submit sitemaps.
  • Install and configure Google Analytics Module.
  • Install and configure Yoast.
  • Install and configure the Advanced Aggregation module to improve performance by minifying and merging CSS and JS.
  • Install and configure Schema.org Metatag.
  • Configure robots.txt.
  • Google Search Console setup snd configuration.
  • Find & Fix H1 tags.
  • Find and fix duplicate/missing meta descriptions.
  • Find and fix duplicate title tags.
  • Improve title, meta tags, and site descriptions.
  • Optimize images for better search engine optimization. Automate where possible.
  • Find and fix the missing alt and title tag for all images. Automate where possible.
  • The project takes 1 week to complete.
MASTER YOUR DRUPAL SEO
Pixeldust and Pantheon Drupal Development
256