Find old scripts on server

bettinz

Member
Jun 17, 2011
19
0
51
Hello, i've search on the forums, but without results :(

I'm looking for a system that keep me informed on who have an outdated version of scripts in their public_html; for example, if user A have Joomla 1.5.25, with security trouble, i want to be notified, and eventually, after X days, put down the website.

I think it's important, today, with CMS everywhere, and with bugged components for Joomla or plugins for wordpress (for example), find a way to keep everything updated.

I've found LMD and CXS, but i think they found only "real" malware, and not bugged scripts (like old versions of plugins or wordpress). I've also found Old Script Finder - scan your servers for old, out of date perl/PHP scripts. but I can't understand if it's really maintained.

Anyone have this problem? How have you solved? I already use a "cage" system, so every website is isolated, but I want to prevent, if possible ;)
 

faisikhan

Well-Known Member
Dec 12, 2011
86
0
56
Islamabad, Pakistan
cPanel Access Level
Root Administrator
Your idea is great to protect our sites from getting hacked and also preventing them from attacks but that needs to have some scripts written in any programming language like Perl or python checking the plugins or patches regularly and update the admin via an email about the upgrade etc. I'll also search and sort out for any suitable solution & will try to post here on the same thread if I get one.
 

ThinIce

Well-Known Member
Apr 27, 2006
352
9
168
Disillusioned in England
cPanel Access Level
Root Administrator
I'm unsure how many 'in house cooked' (or half baked) solutions for this requirement are floating about, but if you're using it it's possible to add checks for out dated scripts to ossec and a while back a few such rules were added

Detecting outdated (web) applications with OSSEC | Daniel Cid

The approach taken by old script finder (looking in document roots by examining httpd.conf) is interesting, but that site does look rather neglected doesn't it, I've dropped them a line to enquire
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

If you are unable to find a viable script to meet those requirements, our application catalog provides a list of third-party developers that you can consult with:

Development Services

Thank you.