Tuesday, 8 September 2015

Find outdated versions of WordPress, Joomla and Drupal on your server

If you run a server that hosts many sites, it is hard to tell which accounts are still running outdated WordPress, Joomla or Drupal installs. The commands below walk every document root, locate the file in which each CMS records its core version and print that version next to the file path. Compare the numbers they print against the current releases on the projects' own sites to see which installs need updating.

cPanel Server:

Find outdated versions of WordPress.

find /home/*/public_html/ -type f -iwholename "*/wp-includes/version.php" -exec grep -H "\$wp_version =" {} \;

Find outdated versions of Joomla.

find /home/*/public_html/ -type f \( -iwholename '*/libraries/joomla/version.php' -o -iwholename '*/libraries/cms/version.php' -o -iwholename '*/libraries/cms/version/version.php' \) -print -exec perl -e 'while (<>) { $release = $1 if m/ \$RELEASE\s+= .([\d.]+).;/; $dev = $1 if m/ \$DEV_LEVEL\s+= .(\d+).;/; } print qq($release.$dev\n);' {} \; && echo "-"

Find outdated versions of Drupal.

find /home/*/public_html/ -type f -iwholename "*/modules/system/system.info" -exec grep -H "version = \"" {} \;

Plesk Server:

Find outdated versions of WordPress.

find /var/www/vhosts/*/httpdocs/ -type f -iwholename "*/wp-includes/version.php" -exec grep -H "\$wp_version =" {} \;

Find outdated versions of Joomla.

find /var/www/vhosts/*/httpdocs/ -type f \( -iwholename '*/libraries/joomla/version.php' -o -iwholename '*/libraries/cms/version.php' -o -iwholename '*/libraries/cms/version/version.php' \) -print -exec perl -e 'while (<>) { $release = $1 if m/ \$RELEASE\s+= .([\d.]+).;/; $dev = $1 if m/ \$DEV_LEVEL\s+= .(\d+).;/; } print qq($release.$dev\n);' {} \; && echo "-"

Find outdated versions of Drupal.

find /var/www/vhosts/*/httpdocs/ -type f -iwholename "*/modules/system/system.info" -exec grep -H "version = \"" {} \;
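The one-liners above only list the version each install reports; deciding which ones are outdated still means comparing every number against the current release by hand. The script below is an added example, not part of the original post, that does both in one pass over cPanel-style or Plesk-style document roots. It goes a little beyond the one-liners: it also reads the Drupal 8+ location (core/lib/Drupal.php, where `const VERSION` lives; modules/system/system.info only exists in Drupal 6/7) and accepts the later Joomla `const RELEASE` spelling as well as `$RELEASE`. The reference "latest" versions are passed in as arguments, and the sample site tree and the version numbers in the demo are constructed for illustration, not taken from any real server.

```shell
#!/bin/sh
# Added example, not from the original post: list CMS core versions under a set
# of document roots and flag installs older than a caller-supplied "latest"
# version. Assumes GNU find/sed/sort (sort -V); the "latest" numbers are
# arguments, not hard-coded, because they change with every release.

# WordPress: wp-includes/version.php holds  $wp_version = '4.3.1';
wp_version() {
    sed -n 's/^\$wp_version *= *.\([0-9][0-9A-Za-z.-]*\).;.*/\1/p' "$1"
}

# Joomla: RELEASE and DEV_LEVEL in libraries/cms/version/version.php (older
# trees: libraries/joomla/version.php or libraries/cms/version.php). Matching
# "RELEASE" without the leading "$" also covers the later "const RELEASE" form.
joomla_version() {
    rel=$(sed -n 's/.*RELEASE *= *.\([0-9.]*\).;.*/\1/p' "$1")
    dev=$(sed -n 's/.*DEV_LEVEL *= *.\([0-9]*\).;.*/\1/p' "$1")
    if [ -n "$rel" ]; then printf '%s.%s\n' "$rel" "$dev"; fi
}

# Drupal 6/7: modules/system/system.info holds  version = "7.39"
# Drupal 8+:  core/lib/Drupal.php holds  const VERSION = '8.0.0';
drupal_version() {
    case $1 in
        *.info) sed -n 's/^version *= *"\([^"]*\)".*/\1/p' "$1" ;;
        *)      sed -n 's/.*const VERSION *= *.\([0-9][0-9A-Za-z.-]*\).;.*/\1/p' "$1" ;;
    esac
}

# version_lt A B: true when A is an older version string than B. sort -V
# compares per numeric component, so 4.9 < 4.10 (a plain string compare
# would get that wrong).
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# scan_docroots LATEST_WP LATEST_JOOMLA LATEST_DRUPAL DOCROOT...
# One line per install: "<outdated|current> <cms> <version> <file>".
# Pass docroot globs such as /home/*/public_html or /var/www/vhosts/*/httpdocs.
scan_docroots() {
    latest_wp=$1; latest_joomla=$2; latest_drupal=$3
    shift 3
    find "$@" -type f \( -ipath '*/wp-includes/version.php' \
                      -o -ipath '*/libraries/joomla/version.php' \
                      -o -ipath '*/libraries/cms/version.php' \
                      -o -ipath '*/libraries/cms/version/version.php' \
                      -o -ipath '*/modules/system/system.info' \
                      -o -ipath '*/core/lib/Drupal.php' \) -print | sort |
    while IFS= read -r f; do
        case $f in
            */wp-includes/version.php)  cms=wordpress; v=$(wp_version "$f");     latest=$latest_wp ;;
            */system.info|*/Drupal.php) cms=drupal;    v=$(drupal_version "$f"); latest=$latest_drupal ;;
            *)                          cms=joomla;    v=$(joomla_version "$f"); latest=$latest_joomla ;;
        esac
        # Version file present but no parsable number (e.g. a git checkout of
        # Drupal whose system.info has no version line): skip it, do not guess.
        [ -n "$v" ] || continue
        if version_lt "$v" "$latest"; then status=outdated; else status=current; fi
        printf '%s %s %s %s\n' "$status" "$cms" "$v" "$f"
    done
}

# Constructed sample data standing in for /home/*/public_html (not real sites).
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/alice/public_html/wp-includes" \
             "$root/bob/public_html/libraries/cms/version" \
             "$root/carol/public_html/modules/system" \
             "$root/dave/public_html/core/lib"
    printf '<?php\n$wp_version = %s;\n' "'4.2.4'" \
        > "$root/alice/public_html/wp-includes/version.php"
    printf 'class JVersion {\n\tpublic $RELEASE = %s;\n\tpublic $DEV_LEVEL = %s;\n}\n' "'3.4'" "'3'" \
        > "$root/bob/public_html/libraries/cms/version/version.php"
    printf 'name = System\nversion = "7.39"\n' \
        > "$root/carol/public_html/modules/system/system.info"
    printf 'class Drupal {\n  const VERSION = %s;\n}\n' "'8.0.0'" \
        > "$root/dave/public_html/core/lib/Drupal.php"
    printf '%s\n' "$root"
}

# Demo run. The reference versions 4.3.1 / 3.4.4 / 7.39 are illustrative only;
# take real values from the projects' release pages before relying on the output.
demo() {
    root=$(make_sample_tree)
    scan_docroots 4.3.1 3.4.4 7.39 "$root"/*/public_html
    rm -rf "$root"
}

demo
```

On a real host replace the demo call with something like `scan_docroots 4.3.1 3.4.4 7.39 /home/*/public_html` (cPanel) or `/var/www/vhosts/*/httpdocs` (Plesk) and pipe through `grep ^outdated`. The comparison is against a single reference per CMS, so on a server that hosts both Drupal 7 and Drupal 8 sites run it once per supported branch; and, as the rest of this post stresses, this checks core only, not plugins, themes or extensions.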

Keep every application you use up to date and limit the use of third-party plug-ins where possible: they are a common source of problems, are often updated less frequently than the core software, and may come from unscrupulous publishers. If you write your own code, validate input fields for special characters and make sure the database procedures your site calls also check for this kind of attack (SQL injection). If you use a database-driven application (e.g. WordPress, Joomla, osCommerce), upgrading to the latest available version is the first and most important step.

Most software that users run on their websites is open source, that is, freely available for anyone to download and use; Joomla and WordPress, both very widely used, are examples. One consequence is that anyone, attackers included, can read the code and look for weaknesses, and because these applications are deployed on so many sites a single flaw affects a great many of them. The authors of these applications release updates and security patches regularly, so make sure you are running the current version of any third-party software on your website: the current version is usually the most secure one as well.

The following links, for WordPress, Joomla and Drupal, point to each project's own information about security:

WordPress
------------------
WordPress.org - How to Keep WordPress Secure
http://wordpress.org/development/2009/09/keep-wordpress-secure/

WordPress.org - Hardening WordPress
http://codex.wordpress.org/Hardening_WordPress

WordPress.org - Upgrading WordPress
http://codex.wordpress.org/Upgrading_WordPress

Joomla
------------------
The Joomla Security Center includes information about their latest security news, their latest security articles, and more information in general about the Joomla Security Strike Team.

Joomla.org - Joomla Security Center
http://developer.joomla.org/security.html

Joomla.org - Upgrade Instructions
http://docs.joomla.org/Upgrade_Instructions

Joomla.org - Vulnerable Extensions List
http://docs.joomla.org/Vulnerable_Extensions_List

Drupal
------------------
drupal.org - Drupal Security Center
https://www.drupal.org/security

drupal.org - Drupal Downloads
https://www.drupal.org/project/drupal

Keeping any third-party plugins and extensions on your website up to date is just as important as keeping the core software up to date.

You will also need to make sure the software on your personal computer is up to date, in particular:

- Adobe Acrobat Reader
- Adobe Flash Player
- Adobe Shockwave
- Any FTP Program including Filezilla FTP and WS_FTP

Any computer running insecure or outdated software is exposed. Keeping the software on your computer up to date, using strong, unique passwords and changing them after any suspected compromise are the best precautions to take.

It is also possible that your software is already up to date and the attempted compromise succeeded because, at some point in the past, your personal computer ran a vulnerable combination of software. Malware delivered that way harvests the FTP username and password saved in your FTP client's configuration files and sends them from your computer to a server the attackers control, to be used later.

One of the more commonly exploited programs is Adobe's Acrobat Reader. Adobe publishes security advisories on its website, including how to update the version you are running to the latest stable release. Adobe's security bulletins and advisories page:

http://www.adobe.com/support/security/

You should also reset your cPanel password immediately (it is your main FTP password as well). Use a long password that mixes letters, numbers and special characters; seven characters is the bare minimum, and longer is better. You can reset it in the "Change Password" section of cPanel.
