Tons of old Joomla CMS still running on the web

Written by - 0 comments

Published on - Listed in Internet Linux Rant


In the past weeks I had to handle a lot of hacked Joomla websites. All of them were using old and end of life versions, most of them were using version 1.5.
Out of curiosity and for customer information, I took a look around on 12 shared hosting servers and found shocking information, that most of the customers have set up their Joomla once and have never updated ever since.

I used the following command to find Joomla installations and their version number:

for file in $(find /var/www/web*/ -name version.php); do echo $file; egrep -n '(\$RELEASE|\$DEV_LEVEL)' $file; echo "----------------"; done

Take a look at the following table with the version overview:

 Version  # of installations
 Release Date
 End of Life Date
 1.0  47  2005-09-22  2009-07-22
 1.5 (LTS)  114  2008-01-22  2012-12-01
 1.6  10  2011-01-10  2011-08-19
 1.7  9  2011-07-19  2012-02-24
 2.5
 57
 2012-01-24
 2014-03

This clearly shows that the 1.5 (LTS = Long Term Support) was used the most. But This version is end of life for three months now and there won't be any new patches. Even the latest patch release 1.5.26 is already known to be vulnerable. What is even more shocking by looking at this table, is that there are almost 50 active websites with a Joomla 1.0 installation! This version is end of life for almost four years now!

The main reason why customers didn't update their Joomla is probably the lack of an online update procedure in previous Joomla versions. Only since version 2.5 an online update is possible.


Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.

RSS feed

Blog Tags:

  AWS   Android   Ansible   Apache   Apple   Atlassian   BSD   Backup   Bash   Bluecoat   CMS   Chef   Cloud   Coding   Consul   Containers   CouchDB   DB   DNS   Database   Databases   Docker   ELK   Elasticsearch   Filebeat   FreeBSD   Galera   Git   GlusterFS   Grafana   Graphics   HAProxy   HTML   Hacks   Hardware   Icinga   Influx   Internet   Java   KVM   Kibana   Kodi   Kubernetes   LVM   LXC   Linux   Logstash   Mac   Macintosh   Mail   MariaDB   Minio   MongoDB   Monitoring   Multimedia   MySQL   NFS   Nagios   Network   Nginx   OSSEC   OTRS   Office   PGSQL   PHP   Perl   Personal   PostgreSQL   Postgres   PowerDNS   Proxmox   Proxy   Python   Rancher   Rant   Redis   Roundcube   SSL   Samba   Seafile   Security   Shell   SmartOS   Solaris   Surveillance   Systemd   TLS   Tomcat   Ubuntu   Unix   VMWare   VMware   Varnish   Virtualization   Windows   Wireless   Wordpress   Wyse   ZFS   Zoneminder