The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Version scans

Discussion in 'Security' started by Josh26, May 17, 2012.

  1. Josh26

    Josh26 Member

    Joined:
    May 17, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Hey guys,

    I'm aware there are a LOT of security plugins. But I've been through a large number and most appear focussed on either detecting intrusions, or providing "generic" filters.

    I'm considering this.
    90% of our hosts just run a Wordpress installation.
    90% of those never update it.

    A plugin that would simply email me and say "these four accounts have out of date Wordpress installations" sounds interesting.

    Does such a thing exist? I'm interesting in a development effort once I'm sure I'm not covering someone elses ground.
     
  2. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    253
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
    Softaculous will display in WHM a list of the installed scripts - installed version and the latest version available . Check the attache image.
     

    Attached Files:

  3. ChrisFirth

    ChrisFirth Active Member
    PartnerNOC

    Joined:
    Apr 10, 2008
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    Fantastico has the same feature (but its rather slow) but it only works for scripts etc. that are installed via Fantastico. I am assuming that Softaculous is the same? If so it's a bit of a problem when a large amount of customers install it themselves not using the automatic installer.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,449
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    cPanel addons does this as well for scripts installed via cPanel addons. Installatron also provides this feature.
     
  5. Josh26

    Josh26 Member

    Joined:
    May 17, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    Many thanks all.

    The answer appears to be "yes, if you use an automated installer".
     
  6. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    But also only if the client actually installed Wordpress via an automated installer. So it's not 100% fool proof.

    And also consider this: Most often it's not an outdated Wordpress (as per this example) installation that gets hacked, but rather an outdated or insecure plugin, which the automated installer can't detect.

    You can use something like this: PHP script searches for malicious code on a hacked server or even better, Nessus security scanner as well.
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The issue anyway with using an automated installer is that those don't always have the most recent version of WordPress or whatever either. Scripts tend to update frequently. You might instead use some script to check the WordPress site for the most recent version and then scan the server each day for the existing versions.
     
Loading...

Share This Page