Comments on How to find outdated joomla versions on your server to reduce the risk of being hacked

Today I want to focus on a topic that can lead to huge problems of hacked accounts, spam mailings etc.: Outdated Joomla installations on your server. Of course, this is valid for other software, too. The mentioned method should work in a similar way for other software. Since Joomla is widely spread throughout the internet, especially on shared hosting systems CMS (Content Management System), this howto will only cover Joomla so far.

7 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Anonymous

thanks. useful script

By: Anonymous

Here is a little change to get the web domain of the outdated joomla:

[...] 
     if [[ $ISOK -eq 0 ]] ; then
        WEBDIR=`echo $D | sed 's%/web$%%'`
WEBDOMAIN=`mysql -B -u$SQLUSER -p$SQLPASS -e "SELECT domain FROM dbispconfig.web_domain WHERE document_root = '$WEBDIR'" | tail -1`
        echo "[WARN] outdated Joomla version $VERSION.$SUBVERSION in $D ($WEBDOMAIN)" ;
        if [[ "$OUTFILE" != "" ]] ; then
# write CSV file
echo "\"$D\";$VERSION.$SUBVERSION;$SHOWNEWEST;$IMPORTANCE;$WEBDOMAIN" >> $OUTFILE ;
fi
fi
done

exit 0 ;

By: George Nikolaidis

Slightly improved version of above comment that does not require database access

    if [[ $ISOK -eq 0 ]] ; then

        WEBDIR=`echo $D | sed "s/\/web\/.*$//" | sed "s/\/web$//"`

        WEBDOMAIN=`find -H /var/www -maxdepth 1 -type l -lname $WEBDIR/ | sed -r 's/^.{9}//'`

        echo "[WARN] outdated Joomla version $VERSION.$SUBVERSION in $D ($WEBDOMAIN)" ;

        if [[ "$OUTFILE" != "" ]] ; then

            # write CSV file

            echo "\"$D\";$VERSION.$SUBVERSION;$SHOWNEWEST;$IMPORTANCE;$WEBDOMAIN" >> $OUTFILE ;

        fi

    fi

 

By: CSoellinger

Nice done! Your script give me some inspiration making a BashUpdateChecker

https://github.com/ShrimpDev/BashUpdateChecker

Maybe you want push some code there :)

By: Alrik

Since release 3.5 version.php syntax has changed from public $RELEASE = '3.4'; to const RELEASE = '3.6';Editing these lines works for me        VERSION=`grep '$RELEASE\|const RELEASE' $F | sed -r "s/^.*=\s*'(.*)'.*$/\1/g"` ;        SUBVERSION=`grep '$DEV_LEVEL\|const DEV_LEVEL' $F | sed -r "s/^.*=\s*'(.*)'.*$/\1/g"` ;

 

 

By: Chad

Any chance something else has changed recently?  I edited those two lines that Alrik mentioned but the script still won't work for the newest Joomla 3.x versions. It does still detect old 2.5.x versions.   If possible could the whole script be reposted here with the updated code or put on github?  The bashupdatechecker that CSoellinger mentioned is no longer available either.

By: Dion

It would be nice if there would be a newer version of this script. Everything older than version 3.8 is a no go and even version 4 is out. There were other good scripts, but a lot of them disapeared.