There are a number of security audits of Drupal websites that have been performed in the last few weeks. These have exposed a number of security issues that malicious coders can take advantage of. (Note these are not just relevant to Drupal, and relate to IE security issues also). We have had only one site hacked through the use of this security flaw and have had to fix it. We are securing all of our customer sites against further hacking in two ways. First of all we have changed all administrator passwords. Second we are rolling out the upgrades version of Drupal that protects against these security issues.

Our upgrade process is this:

• We request a edit freeze on the site for a day.
• We backup the site and database.
• We create a temporary copy of the entire site on a completely different server under a different domain name.
• We test the upgrade on that test site and check for any errors or problems.
• We then put the live client site into site maintenance mode (while we upgrade)
• We then upgrade the live site and test it thoroughly (bearing in mind we have a backup to restore from if any problems arise)
• We then reset the site to online status and clients and customers can resume using the site.

Why should you allow us to do this?
As indicated the site may be exposed to a flaw in IE that allows a user to insert malicious scripted code into a site through an admin hack in some modules. This allows a Trojan horse to be installed that can be downloaded to viewers computers, and worse can get your site blacklisted as a purveyor of viruses and badware [1].
We strongly recommend that you give us permission to proceed with these upgrades.

Cost
There is a small cost, but we consider that it is a good investment to protect your website and your reputation.

Contact us [1] for more information.