Comments on How to find outdated joomla versions on your server to reduce the risk of being hacked
Today I want to focus on a topic that can lead to huge problems such as hacked accounts, spam mailings etc.: outdated Joomla installations on your server. Of course, this applies to other software, too, and the method described here should work in a similar way for it. Since Joomla is a CMS (Content Management System) that is widely spread throughout the internet, especially on shared hosting systems, this howto will only cover Joomla so far.
7 Comment(s)
Comments
thanks. useful script
Here is a little change to get the web domain of the outdated joomla:
[...]
if [[ $ISOK -eq 0 ]] ; then
    # strip the trailing /web to get the site's document root
    WEBDIR=$(echo "$D" | sed 's%/web$%%')
    # $WEBDIR is interpolated into the SQL text, so a path containing a quote breaks the query
    WEBDOMAIN=$(mysql -B -u"$SQLUSER" -p"$SQLPASS" -e "SELECT domain FROM dbispconfig.web_domain WHERE document_root = '$WEBDIR'" | tail -1)
    echo "[WARN] outdated Joomla version $VERSION.$SUBVERSION in $D ($WEBDOMAIN)" ;
    if [[ "$OUTFILE" != "" ]] ; then
        # write CSV file
        echo "\"$D\";$VERSION.$SUBVERSION;$SHOWNEWEST;$IMPORTANCE;$WEBDOMAIN" >> "$OUTFILE" ;
    fi
fi
done
exit 0 ;
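Slightly improved version of above comment that does not require database access:
if [[ $ISOK -eq 0 ]] ; then
    # cut the path back to the site directory (everything from /web on is dropped)
    WEBDIR=$(echo "$D" | sed "s/\/web\/.*$//" | sed "s/\/web$//")
    # the domain is the name of the symlink in /var/www that points at the site directory;
    # the second sed strips the leading "/var/www/" (9 characters)
    WEBDOMAIN=$(find -H /var/www -maxdepth 1 -type l -lname "$WEBDIR/" | sed -r 's/^.{9}//')
    echo "[WARN] outdated Joomla version $VERSION.$SUBVERSION in $D ($WEBDOMAIN)" ;
    if [[ "$OUTFILE" != "" ]] ; then
        # write CSV file
        echo "\"$D\";$VERSION.$SUBVERSION;$SHOWNEWEST;$IMPORTANCE;$WEBDOMAIN" >> "$OUTFILE" ;
    fi
fi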
Nicely done! Your script gave me some inspiration for making a BashUpdateChecker
https://github.com/ShrimpDev/BashUpdateChecker
Maybe you want to push some code there :)
Since release 3.5 version.php syntax has changed from public $RELEASE = '3.4'; to const RELEASE = '3.6';
Editing these lines works for me:
VERSION=$(grep '$RELEASE\|const RELEASE' "$F" | sed -r "s/^.*=\s*'(.*)'.*$/\1/g") ;
SUBVERSION=$(grep '$DEV_LEVEL\|const DEV_LEVEL' "$F" | sed -r "s/^.*=\s*'(.*)'.*$/\1/g") ;
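The two version.php declaration styles named in the comment above can be handled by one parser that anchors on the declaration keyword and refuses to report a half-parsed version. This is an added example, not part of the howto's script or of any comment here; the function names joomla_field and joomla_version and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original script): parse a Joomla version.php
# that uses either "public $RELEASE = '3.4';" or "const RELEASE = '3.6';".

# joomla_field FILE NAME: print the quoted value assigned to NAME.
joomla_field() {
    local file name
    file=$1; name=$2
    # Anchor on the declaration keyword so docblock or comment lines that
    # merely mention the name are ignored; accept ' or " around the value.
    sed -nE "s/^[[:space:]]*(public[[:space:]]+\\\$|const[[:space:]]+)${name}[[:space:]]*=[[:space:]]*['\"]([^'\"]*)['\"].*/\\2/p" "$file" | head -n 1
}

# joomla_version FILE: print RELEASE.DEV_LEVEL.
# Returns 2 if the file is unreadable, 1 if either field could not be parsed.
joomla_version() {
    local file release dev
    file=$1
    [ -r "$file" ] || return 2
    release=$(joomla_field "$file" RELEASE)
    dev=$(joomla_field "$file" DEV_LEVEL)
    # Never report a partial version: an unparsed file must be flagged for
    # manual review instead of being counted as up to date.
    if [ -z "$release" ] || [ -z "$dev" ]; then return 1; fi
    printf '%s.%s\n' "$release" "$dev"
}

# Constructed sample files (not real Joomla sources).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/old.php" <<'EOF'
<?php
final class JVersion {
    /** @var string See $RELEASE = 'x' for the release number. */
    public $RELEASE = '3.4';
    public $DEV_LEVEL = '8';
}
EOF
cat > "$SAMPLES/new.php" <<'EOF'
<?php
final class JVersion {
    const RELEASE = '3.6';
    const DEV_LEVEL = '5';
}
EOF
printf '<?php // no version fields here\n' > "$SAMPLES/unknown.php"
for f in old new unknown; do
    v=$(joomla_version "$SAMPLES/$f.php") || v="UNPARSED, check manually"
    echo "$f.php: $v"
done
```

A file that returns status 1 uses a declaration style this parser does not know, so it belongs on the manual-review list.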
Any chance something else has changed recently? I edited those two lines that Alrik mentioned but the script still won't work for the newest Joomla 3.x versions. It does still detect old 2.5.x versions. If possible could the whole script be reposted here with the updated code or put on github? The bashupdatechecker that CSoellinger mentioned is no longer available either.
It would be nice if there were a newer version of this script. Everything older than version 3.8 is a no go and even version 4 is out. There were other good scripts, but a lot of them disappeared.