Tons of old Joomla CMS still running on the web

Written by Claudio Kuenzler - 0 comments

Published on March 7th 2013 - Listed in Internet Linux Rant

---

In the past weeks I had to handle a lot of hacked Joomla websites. All of them were using old and end of life versions, most of them were using version 1.5.
Out of curiosity and for customer information, I took a look around on 12 shared hosting servers and found shocking information, that most of the customers have set up their Joomla once and have never updated ever since.

I used the following command to find Joomla installations and their version number:

for file in $(find /var/www/web*/ -name version.php); do echo $file; egrep -n '(\$RELEASE|\$DEV_LEVEL)' $file; echo "----------------"; done

Take a look at the following table with the version overview:

Version	# of installations	Release Date	End of Life Date
1.0	47	2005-09-22	2009-07-22
1.5 (LTS)	114	2008-01-22	2012-12-01
1.6	10	2011-01-10	2011-08-19
1.7	9	2011-07-19	2012-02-24
2.5	57	2012-01-24	2014-03

This clearly shows that the 1.5 (LTS = Long Term Support) was used the most. But This version is end of life for three months now and there won't be any new patches. Even the latest patch release 1.5.26 is already known to be vulnerable. What is even more shocking by looking at this table, is that there are almost 50 active websites with a Joomla 1.0 installation! This version is end of life for almost four years now!

The main reason why customers didn't update their Joomla is probably the lack of an online update procedure in previous Joomla versions. Only since version 2.5 an online update is possible.

Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.