This was a “highly critical” announcement by Drupal team. They recommended to apply a patch and to uptade, but those operations had to be achieved very quickly. “There may be no trace of the attack,” Drupal’s creators said. “Many site owners will never have received the announcement and many that did will have been asleep,” an analyst at security firm Sophos suggested, asking Drupal to apply an automatic update. Unfortunately it seems this is exactly what Drupal can do right now. recovering from a breach is not easy for the sites affected. A backup from a date prior to October 15 must be used to recover in a completely clean server. Drupal is installed by 5 percent of the users of content management systems. Drupal 7 is very popular.