In the past weeks I had to handle a lot of hacked Joomla websites. All of them were using old, end-of-life versions; most of them were using version 1.5.
Out of curiosity and for customer information, I took a look around on 12 shared hosting servers and found something shocking: most of the customers set up their Joomla once and have never updated it since.
I used the following command to find Joomla installations and their version number:
find /var/www/web*/ -name version.php | while IFS= read -r file; do echo "$file"; grep -nE '(\$RELEASE|\$DEV_LEVEL)' "$file"; echo "----------------"; done
Take a look at the following table with the version overview:
|| # of installations
|| Release Date
|| End of Life Date
| 1.5 (LTS)
This clearly shows that the 1.5 (LTS = Long Term Support) was used the most. But this version has been end of life for three months now and there won't be any new patches. Even the latest patch release 1.5.26 is already known to be vulnerable. What is even more shocking when looking at this table is that there are almost 50 active websites with a Joomla 1.0 installation! This version has been end of life for almost four years now!
The main reason why customers didn't update their Joomla is probably the lack of an online update procedure in previous Joomla versions. An online update has only been possible since version 2.5.
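The per-release counts for a version overview like the one above can be produced directly instead of being read off the grep output. The following is an added example, not the command used in the original post: the function names and the sample files are constructed for illustration, and only 1.0 and 1.5 are marked end of life because those are the two releases the post states.

```shell
#!/bin/sh
# Added example (not from the original post): count Joomla installs per release.

# Print "RELEASE.DEV_LEVEL" for one version.php; fail if either value is
# missing, since other software ships a version.php too.
joomla_version() {
    local q rel dev
    q="['\"]"   # either PHP quote character
    rel=$(sed -n "s/.*[\$]RELEASE[[:space:]]*=[[:space:]]*$q\([0-9.]*\)$q.*/\1/p" "$1" | head -n 1)
    dev=$(sed -n "s/.*[\$]DEV_LEVEL[[:space:]]*=[[:space:]]*$q\([0-9A-Za-z_-]*\)$q.*/\1/p" "$1" | head -n 1)
    [ -n "$rel" ] && [ -n "$dev" ] && printf '%s.%s\n' "$rel" "$dev"
}

# Print "release<TAB>count<TAB>status" for every release found under $1.
joomla_tally() {
    local f v n rel status
    find "$1" -type f -name version.php |
    while IFS= read -r f; do              # line-based read keeps paths with spaces intact
        v=$(joomla_version "$f") || continue
        printf '%s\n' "${v%.*}"           # 1.5.26 -> 1.5
    done | sort | uniq -c |
    while read -r n rel; do
        case $rel in
            1.0|1.5) status="end of life" ;;           # stated in the post
            *)       status="check support status" ;;  # not covered by the post
        esac
        printf '%s\t%s\t%s\n' "$rel" "$n" "$status"
    done
}

# Constructed sample tree standing in for /var/www/web*/ (not real customer data).
mk() {  # mk <dir> <release> <dev_level>
    mkdir -p "$1"
    printf "<?php\nclass JVersion {\n  var \$RELEASE = '%s';\n  var \$DEV_LEVEL = '%s';\n}\n" "$2" "$3" > "$1/version.php"
}
make_samples() {
    mk "$1/web1/includes" 1.0 15
    mk "$1/web2/libraries/joomla" 1.5 26
    mk "$1/web 3/libraries/joomla" 1.5 23          # path with a space
    mk "$1/web4/libraries/cms/version" 2.5 8
    mkdir -p "$1/web5/lib" && printf '<?php $v = "3.1";\n' > "$1/web5/lib/version.php"  # not Joomla
}

tmp=$(mktemp -d)
make_samples "$tmp"
joomla_tally "$tmp"
rm -rf "$tmp"
```

On a real server, call `joomla_tally /var/www` (or each `web*` directory) instead of the sample tree; files named version.php that do not define both values are skipped rather than counted.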