No more excuses - update your scripts
This morning when you go into your cPanel, you’ll see a new button under Software/Services called Old Script Finder. Old Script Finder searches your web site for old, out of date scripts by searching for signatures on some of the most popular, and most security issue-laden if not updated, scripts being used today.
After installing, we ran a report on all five servers. There’s only eight sites on the new server and half of the scripts (3 of 6) were out of date. Half of them. Before you take a deep breathe in shock at that news (considering the server hasn’t even been up a week), let’s get to all of you other folks on the older four servers… I’m sorry to say wasn’t a single one that didn’t have 80% of the scripts out of date - ranging from just a few steps behind to woefully, woefully so far behind that the message was “script obsolete”. Even we were a bit surprised at the statistics.
Currently, we have only the most basic options on this script enabled - every Saturday, it will search all the servers and it will take stock of who’s scripts are out of date. That report will appear in your cPanel. It will tell you what script is out of date, where that script is located, what version you have and what the current released version of the script is. There is also a button for you to run the script on your own to take a look in your own directory if you install something - please use it sparingly as this is a fairly resource intensive endeavor.
The catch is you need to look at it, and you need to take action.
Hopefully, this handy tool will help you get a handle on updates and give you information you didn’t have before. It should also help folks that have installed scripts and forgotten about them - I took a look at some of the things that were found and I get the feeling that a few of you are going to be shocked at what’s hanging out in your web site.
If the statistics don’t get significantly better, we’ll take the next step and have the server email you regarding your out of date scripts. If that doesn’t get a response, at some point, we may start locking them down after repeatedly warnings are ignored.
For a list of scripts that are looked at, click the more information button below.
Advert Scripts
* openx
* phpadsnew
* phplinks
Blog/CMS Scripts
* b2evolution
* bmachine
* cutenews
* DCPPortal
* drupal
* drupal5
* e107
* e1076
* ezContents
* ezpublish
* geeklog
* impressCMS
* jetbox
* joomla
* joomla10
* mambo
* metadot
* moodle
* movabletype
* nucleus
* PHPizabi
* phpnuke
* phpwcms
* phpwebsite
* pivot
* postnuke
* SimpNews
* siteframe
* typo3
* wordpress
* Xoops
* Xoops 2.2 Branch
* XpressionNews
Chat Scripts
* craftysyntax
* helpcenterlive
* phpfreechat
Email Scripts
* FormMail
* hordeIMP
* nameko
* neomail
* nocc
* PHPList
* squirrelmail
Forum Scripts
* bbv2
* DeluxeBB
* eblah
* freeForum
* ikonboard
* IPB
* mercuryboard
* miniBB
* MyBB
* phorum
* phpBB2
* phpBB3
* SMF
* UPB
* vbulletin
* WAgora
* WWWBoard
* XMB
* YaBB
* YaBBSE
Guestbook Scripts
* AdvancedGuestbook
* EGuest
* Guestbook
* phpbook
Helpdesk Scripts
* deskpro
* osTicket
* phpsupporttickets
Image Scripts
* 4images
* coppermine
* gallery
* gallery1
* tinywebgallery
Misc Scripts
* amember
* openrealty
* WebCalendar
Poll Scripts
* phpESP
Project Scripts
* dotproject
* PHProjekt
Shopping Scripts
* Agora
* cpshop
* cubecart
* EWBusinessPortal
* oscommerce
* phpBMS
* phpCOIN
* phpShop
* QuickCart
* zencart
Utility Scripts
* DaDaBIK
* phpMyAdmin
Wiki Scripts
* mediawiki
* phpwiki
* tikiwiki
* wikiwig
* WikkaWiki
Total scripts supported: 101.
Tags: old script finder, security
I ran it this morning, and I’m clean. Well, I need a shower, but the site is clean.
[Reply]
DrakNet replied on June 12th, 2008:
There really is no need for ya’ll to run it unless you install something new - it’s set to run every Saturday and the newest scans will be shows in there for each week.
If you install something new and you have a question about it being up to date, feel free to fun it. But other than that, checking it now and again is all you need to do - unless, of course, something actually shows up.
[Reply]
JodiLee on June 12th, 2008 at 9:35 am
I am told that I need to upgrade Wordpress to 2.5.1, SMF to 1.1.5 and coppermine to 1.4.18.
For Wordpress, on clicking upgrade, I get the message:
“Click on Upgrade only if
- no files, languages, themes have been modified
- you haven’t added mods to this installation of WordPress”
Well, I have modified themes. How do I upgrade?
For SMF, I am told:
“Only manual upgrade possible”
How do I do this? Also, the version on the server is 1.1.4. How do I get 1.1.5 installed?
For coppermine, the version on the server is 1.4.16. How do I upgrade to 1.4.18?
[Reply]
DrakNet replied on June 12th, 2008:
For Wordpress, you’ll need to download it from the wordpress site here http://codex.wordpress.org/Upgrading_WordPress and follow the directions on how to upgrade the installation.
If SMF says only manual upgrade possible, it means your install is too far behind to be done by Fantastico anymore. You’ll need to upgrade it manually, and you’ll be able to get the latest version on their site.
[Reply]
Kevin Taylor on June 12th, 2008 at 6:01 pm
I’ve got heavily modified themes running on all of my sites (all WP) and I’ve used the Fantastico update each time. It’s always worked, except when I was using a 1.5 compatible theme and updated to 2.0.
[Reply]
JodiLee on June 14th, 2008 at 10:52 am