Dr . Upal Is In:
Healthcheck your site!
use ←↑↓→ or <SPACE>
"Where's the links?"
We create and care for
Drupal-powered websites.
Minneapolis, MN (Mostly!)
Services
Site and hosting migratiton
Drupal 8 upgrades
Site audits
Process consultantcy
"But my site is fine!"
Every site is healthy
...until it isn't.
Reasons to healthcheck
Errors, breakage, malicious content
Poor performance
"It's your site now."
A feeling isn't an healthcheck
...but a feeling is a sign you need one.
Smoke testing
Check if you're on the right path
Can be difficult to check in-house
It's better to know and plan
...than just hope for the best.
Checking the basics
Checking for updates
Yes, really.
The most basic, important thing you can do!
Using the Update Report
Admin > Reports > Available Updates
I can't find it!
Provided by the Update Manager module
May be disabled on production sites
Enabling Update Manager
Admin > Extend
Don't panic!
Your site won't be a "sea of green"
Look for Red
Security updates, unsupported modules
Take Action ASAP!
Look for Red
Security updates, unsupported modules
Take Action ASAP!
Out-of-date Modules
Some sites break if updated!
Always ask your team first!
Status Report
Overview of your site
Admin > Reports > Status
Look for red
Misconfigurations
Updates required
Down connections to external services
Caching
Admin > Configuration > Development > Performance
Caching best practices
CSS and JS files Aggregated
Page cache maximum age set*
* Most sitesCheck your log
Don't look for specific errors...
...look for frequency of severe errors!
Using the DB Log
dblog enabled for most sites
Admin > Reports > Recent Log Messages
Automating Checks
Site Audit module
Gathers data, runs best practice checks
Requires drush
Command Line tool for Drupal
Installation for D7
drush en -y site_audit
drush cc drush
cd path/to/your/sitedrush aa
--html
--bootstrap
--detail
--skip=insights
> path/to/report.html
Best Practice Checks
Read them all!
Highest value checks in the whole report
Caching Settings
Best performance value for small sites
Consider Page cache maximum age carefully!
Status and Updates
Same as Update Manager and Status Report
Replaces manual steps, no login needed!
Content checks
More FYI than problem-finding
Does not replace a content audit
Technical stats
File, code, DB sizes
Sometimes useful! Depends on your site.
Healthcheck module
Not a Drush command!
Monitors continually, pluggable notifications
Currently in beta!Installing Healthcheck
composer require drupal/healthcheck
Enable like any module
Running an Ad hoc report
Admin > Reports > Healthcheck
Action-oriented, priority ordered report
Email notifications
Send healthchecks to your inbox
Customizable messages, full reports or criticals
Historical reports
Monitor how your site improves
Views-based, customizable
Help us out!
Infrastructure checkups
Where're you hosted?
Shared hosting
Managed hosting (Pantheon, Acquia)
Self-managed (VPS, internal)
Still happy with it?
What was your primary motive?
Is that still true?
Enough memory?
free utility
Shows used, free, and available memory
$ free -h total used free shared buff/cache available
Mem: 15Gi 3.8Gi 4.1Gi 1.7Gi 7.7Gi 9Gi
Swap: 31Gi 77Mi 31GiWhat about disk?
df or "disk free" utility
Free space, not performance
$ df -hFilesystem Size Used Avail Use% Mounted on
dev 7.8G 0 7.8G 0% /dev
run 7.8G 1.9M 7.8G 1% /run
/dev/nvme0n1p3 434G 142G 270G 35% /
/dev/nvme0n1p1 599M 42M 558M 7% /bootCPU load
top utility
Look for idle or id percent
Mem: 12541644K used, 3767604K free, 1816292K shrd, 965248K buff, 6908000K cache
CPU: 1% usr 0% sys 0% nic 96% idle 0% io 0% irq 0% sirq
Load average: 0.70 0.87 0.92 4/1173 264
PID PPID USER STAT VSZ %VSZ CPU %CPU COMMAND
29 1 apache S 373m 2% 1 0% /usr/sbin/httpd -D FOREGROUND -f /
30 1 apache S 368m 2% 3 0% /usr/sbin/httpd -D FOREGROUND -f /
33 1 apache S 368m 2% 2 0% /usr/sbin/httpd -D FOREGROUND -f /
32 1 apache S 368m 2% 0 0% /usr/sbin/httpd -D FOREGROUND -f /
139 1 apache S 368m 2% 2 0% /usr/sbin/httpd -D FOREGROUND -f /
1 0 apache S 368m 2% 0 0% /usr/sbin/httpd -D FOREGROUND -f /
42 0 apache S 6244 0% 1 0% /bin/bash
263 42 apache R 1532 0% 0 0% topq to quit)
Managed Hosting
Typically do not need auditing
Memory, disk, CPU typically auto-scaled
Managed Hosting
Typically do not need auditing
Memory, disk, CPU typically auto-scaled
PHP Version
D8 should always be on PHP 7!
For D7, try PHP 7, otherwise PHP 5.6
"Updating" PHP
Actual 5.x to 7.x updates are rare
Better to move to new server/hosting
CLI vs. Web PHP
PHP version (x.y) should always match
Configuration may differ, but only minor
Checking Web PHP
Best done through the web UI
Admin > Reports > Status
Checking Web PHP
Best done through the web UI
Admin > Reports > Status
$ php --versionPHP 5.6.33 (cli) (built: Feb 7 2018 15:35:50)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
with Xdebug v2.5.0, Copyright (c) 2002-2016, by Derick RethansAs your site grows...
...you can outgrow your hosting.
Auditing modded code
Mods aren't "hacks"
Not malicious!
Intentional modification of core & contrib code
Why mod?
Expediency, lack of knowledge, bug fixes
Unaware of "offical" patching process
Hacked! module
Compares installed core & contrib against D.O
Version aware
When to use
You use ftp (not git or CI) to deploy
You haven't updated in ages
You suspect a breach
Installation
composer require drupal/hacked
drush en -y hacked
Run against Live
Not your local!
Untracked, "cloaked" files
Running the report
Admin > Reports > Hacked
False Positives
Minor changes can flag a module
Missing READMEs, line-endings, best-practice changes
Getting detailed results
Install the diff module
Displays individual line changes
Going Legit
Create patch from changes, add to site repo
Post to D.O if broad benefit
Right way to mod
Refer to the patch on D.O if posted
Modding isn't wrong
...but it needs to be done right
Hacks and Recovery
Signatures
Clues that imply a hack
eval() + base64_decode()
Common way to unpack, execute exploit code
Scanning code for Hacks
Hacked! report, grep utility
Look for duplicate files & modules
Check the logs?
Use only to corroborate a hack...
...not to detect one.
"Wildlife"
The 'net isn't a clean place!
Frequent drive-by attacks are common
DON'T PANIC
Breathe.
DON'T PANIC
Breathe.
Take the site offline
Better to be offline than compromised
User privacy, partner exposure, brand damage
Backup the hacked site
You need a working copy to examine
Place it in an air-gapped system
When were you hacked?
Requires some sleuthing
Tie to missed module or core security release
Find a clean backup
DB, code, and files from before the hack
Be sure it isn't compromised!
Update the clean backup
Apply all security updates and patches
Copy content over manually
Back it up again
Avoid rebuilding a second time
Site may still be exposed in other ways
No Backup?
Clean up what you can
Accept risk of follow-up hacks
Throw away and rebuild
Really. Assume it's comprimised.
Invalidate all passwords and start over
Throw away and rebuild
Really. Assume it's comprimised.
Invalidate all passwords and start over
You will be hacked
...but you can be prepared.
Remediation
Recover from hacks first
Restore to a clean state, then...
...apply all security updates.
Then, fix all the easy stuff
Disable bad-practice modules
Best practice config changes
Then, fix all the easy stuff
Disable bad-practice modules
Best practice config changes
Then, fix all the easy stuff
Disable bad-practice modules
Best practice config changes
Statistics module
Does a DB write on each request!
Rarely needed, as other analyics are used
PHP Module
Executes PHP code in content
Instant security vulnerability!
Uninstalling PHP module
Check text-formats, use of Views PHP first!
Test for breakage, then uninstall.
Duplicate modules
Confusing, causes missed updates
Can be sign of a hack
De-duping modules
Remove, drush cr && drush updb
Test locally first!
Audit != Performance Analysis
Different tools, approaches
Time and brain intensive process
Remediation is a process
Not a fix.
Mistakes were made
It's not broken...
...but it's not working (well) either.
Why does this happen?
Inexperience, bad assumptions, changing priorities
Why does this happen?
Inexperience, bad assumptions, changing priorities
Too few content types
Articles and Basic Pages everywhere
Tons of fields, not all used
Too many content types
Differentiation only in name, not use or data
Press Release vs. Blog Post vs. News
Rethink Content Stategy
Do a content audit
Use card sorting to rediscover groupings
Drop old, irrelvent content
Merge, split types
Can be done manually or using Migrate
Per-node tasks via Views Bulk Operations
Reorganize
Update menus, build new sections
Layout is not content
Gives site messy, inconsistent feel
Layout managers
Separates content from layout
Overuse, abuse of a feature
Causes gradual performance loss
Often unaware, or unintentional
Time for a new site?
Current site code unsupported
Cheaper, easier to rebuild than fix
"It's time for it."
Rebuilds easier on staff
"Rip the bandage off" approach
Enforce best practices from the start
Coodinate with a hosting change
Don't go alone
Bring in external help on a rebuild
Outside perspective, broader experiences
Do they audit?
Good "get to know each other" exercise
Informs better estimating
TEN7 does audits!
Flat pricing
Analysis and recommendations
Look to the long term
Fast fixes bring brief benefit
Special thanks
Flyover Camp
Thank you!
socketwench.github.io/healthcheck-your-site