In the past weeks I had to handle a lot of hacked Joomla websites. All of them were using old, end-of-life versions; most of them were using version 1.5.
Out of curiosity and for customer information, I took a look around on 12 shared hosting servers and found something shocking: most of the customers set up their Joomla once and have never updated it since.
I used the following command to find Joomla installations and their version number:
find /var/www/web*/ -name version.php -print0 | while IFS= read -r -d '' file; do echo "$file"; grep -nE '(\$RELEASE|\$DEV_LEVEL)' "$file"; echo "----------------"; done
Take a look at the following table with the version overview:
| Version | # of installations | Release Date | End of Life Date |
| 1.5 (LTS)
This clearly shows that 1.5 (LTS = Long Term Support) was used the most. But this version has been end of life for three months now and there won't be any new patches. Even the latest patch release, 1.5.26, is already known to be vulnerable. What is even more shocking in this table is that there are almost 50 active websites with a Joomla 1.0 installation! This version has been end of life for almost four years now!
The main reason why customers didn't update their Joomla is probably the lack of an online update procedure in previous Joomla versions. An online update has only been possible since version 2.5.
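To turn the raw output of the find command above into per-release counts like those in the version overview, the following added example (not part of the original post) parses `$RELEASE` and `$DEV_LEVEL` from each version.php, skips version.php files that do not belong to Joomla, and lists the installs on the 1.0 and 1.5 lines. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: per-release Joomla inventory.

# Print "<RELEASE>.<DEV_LEVEL>" for one version.php; print nothing when the
# file has no $RELEASE (WordPress and others ship a version.php too).
joomla_version() {
    rel=$(sed -n 's/.*[$]RELEASE[^0-9]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1)
    dev=$(sed -n 's/.*[$]DEV_LEVEL[^0-9]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    if [ -n "$rel" ]; then printf '%s.%s\n' "$rel" "${dev:-?}"; fi
}

# Print "<path><TAB><version>" for every Joomla below root $1.
# Paths with spaces are fine; paths containing newlines are not handled.
joomla_scan() {
    find "$1" -type f -name version.php | sort | while IFS= read -r f; do
        v=$(joomla_version "$f")
        if [ -n "$v" ]; then printf '%s\t%s\n' "$f" "$v"; fi
    done
}

# Count installations per release line, one "<release> <count>" per row.
joomla_summary() {
    joomla_scan "$1" | awk -F'\t' '{ split($2, p, "."); n[p[1] "." p[2]]++ }
        END { for (r in n) print r, n[r] }' | sort
}

# Paths of installs on the lines the post calls end of life (1.0 and 1.5).
joomla_eol() {
    joomla_scan "$1" | awk -F'\t' '$2 ~ /^1\.[05]\./ { print $1 }'
}

# Constructed sample tree; every path and file body here is made up.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/web1/libraries/joomla" "$d/web2/old site/includes" \
             "$d/web3/libraries/joomla" "$d/web4/libraries/cms/version" "$d/web5/wp-includes"
    printf "var \$RELEASE = '1.5';\nvar \$DEV_LEVEL = '26';\n" > "$d/web1/libraries/joomla/version.php"
    printf "var \$RELEASE = '1.0';\nvar \$DEV_LEVEL = '15';\n" > "$d/web2/old site/includes/version.php"
    printf "var \$RELEASE = '1.5';\nvar \$DEV_LEVEL = '22';\n" > "$d/web3/libraries/joomla/version.php"
    printf "public \$RELEASE = '2.5';\npublic \$DEV_LEVEL = '8';\n" > "$d/web4/libraries/cms/version/version.php"
    printf "\$wp_version = '3.4.2';\n" > "$d/web5/wp-includes/version.php"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
joomla_summary "$tree"
rm -rf "$tree"
```

On a real server, `joomla_summary /var/www` gives the counts per release and `joomla_eol /var/www` gives the paths to pass on to the affected customers.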