In the past weeks I had to handle a lot of hacked Joomla websites. All of them were using old, end-of-life versions; most of them were using version 1.5.
Out of curiosity and for customer information, I took a look around on 12 shared hosting servers and made a shocking discovery: most of the customers set up their Joomla once and have never updated it since.
I used the following command to find Joomla installations and their version number:
find /var/www/web*/ -name version.php -print0 | while IFS= read -r -d '' file; do echo "$file"; grep -En '(\$RELEASE|\$DEV_LEVEL)' "$file"; echo "----------------"; done
Take a look at the following table with the version overview:
| Version | # of installations | Release Date | End of Life Date |
| 1.5 (LTS)
This clearly shows that version 1.5 (LTS = Long Term Support) was used the most. But this version has been end of life for three months now and there won't be any new patches. Even the latest patch release 1.5.26 is already known to be vulnerable. What is even more shocking when looking at this table is that there are almost 50 active websites with a Joomla 1.0 installation! This version has been end of life for almost four years now!
The main reason why customers didn't update their Joomla is probably the lack of an online update procedure in previous Joomla versions. An online update has only been possible since version 2.5.
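An added example, not part of the original post: a sketch that turns the find/grep one-liner above into a per-release tally like the table, marking 1.0 and 1.5 as end of life as the post states. The function names and the sample tree with its paths and patch levels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the post's code). EOL list reflects the post: 1.0 and 1.5.
EOL_RELEASES="1.0 1.5"

# Print "<release>.<dev_level>" for one version.php; print nothing when the
# fields are missing (other software also ships a file named version.php).
joomla_version() (
    release=$(sed -n "s/.*[\$]RELEASE[[:space:]]*=[[:space:]]*'\([0-9.]*\)'.*/\1/p" "$1" | head -n 1)
    dev=$(sed -n "s/.*[\$]DEV_LEVEL[[:space:]]*=[[:space:]]*'\([0-9]*\)'.*/\1/p" "$1" | head -n 1)
    if [ -n "$release" ] && [ -n "$dev" ]; then printf '%s.%s\n' "$release" "$dev"; fi
)

# One line per installation under web root $1: "<status> <version> <path>".
# Paths are read line by line, so file names containing newlines are not handled.
joomla_inventory() {
    find "$1" -type f -name version.php | while IFS= read -r f; do
        v=$(joomla_version "$f")
        [ -n "$v" ] || continue
        case " $EOL_RELEASES " in
            *" ${v%.*} "*) status=EOL ;;
            *)             status=ok ;;
        esac
        printf '%s %s %s\n' "$status" "$v" "$f"
    done
}

# Installations per release, most common first: "<count> <status> <release>".
joomla_tally() {
    joomla_inventory "$1" | awk '{ sub(/\.[0-9]+$/, "", $2); n[$1 " " $2]++ }
        END { for (k in n) print n[k], k }' | sort -rn
}

# Build a constructed sample tree (hypothetical customers web1..web4).
make_sample() {
    root=$(mktemp -d)
    mk() { mkdir -p "$root/$1"; printf "<?php\nvar \$RELEASE = '%s';\nvar \$DEV_LEVEL = '%s';\n" "$2" "$3" > "$root/$1/version.php"; }
    mk "web1/libraries/joomla" 1.5 26
    mk "web2/my site/libraries/joomla" 1.5 15
    mk "web3/includes" 1.0 15
    mk "web4/libraries/cms/version" 2.5 28
    # A non-Joomla file with the same name, which must be skipped.
    mkdir -p "$root/web4/other" && echo "<?php \$version = '3';" > "$root/web4/other/version.php"
    echo "$root"
}

sample=$(make_sample)
joomla_inventory "$sample"
joomla_tally "$sample"
rm -rf "$sample"
```

On a real server, `joomla_tally /var/www` gives the counts per release, and `joomla_inventory /var/www | grep '^EOL'` lists the installations whose owners need to be contacted.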