Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Version scans

Discussion in 'Security' started by Josh26, May 17, 2012.

  1. Josh26

    Josh26 Member

    Joined:
    May 17, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    DataCenter Provider
    Hey guys,

    I'm aware there are a LOT of security plugins. But I've been through a large number and most appear focussed on either detecting intrusions, or providing "generic" filters.

    I'm considering this.
    90% of our hosts just run a Wordpress installation.
    90% of those never update it.

    A plugin that would simply email me and say "these four accounts have out of date Wordpress installations" sounds interesting.

    Does such a thing exist? I'm interesting in a development effort once I'm sure I'm not covering someone elses ground.
     
  2. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    255
    Likes Received:
    2
    Trophy Points:
    68
    Location:
    Romania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Softaculous will display in WHM a list of the installed scripts - installed version and the latest version available . Check the attache image.
     

    Attached Files:

    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ChrisFirth

    ChrisFirth Active Member
    PartnerNOC

    Joined:
    Apr 10, 2008
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    56
    cPanel Access Level:
    DataCenter Provider
    Fantastico has the same feature (but its rather slow) but it only works for scripts etc. that are installed via Fantastico. I am assuming that Softaculous is the same? If so it's a bit of a problem when a large amount of customers install it themselves not using the automatic installer.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    cPanel addons does this as well for scripts installed via cPanel addons. Installatron also provides this feature.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Josh26

    Josh26 Member

    Joined:
    May 17, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    51
    cPanel Access Level:
    DataCenter Provider
    Many thanks all.

    The answer appears to be "yes, if you use an automated installer".
     
  6. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    993
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    But also only if the client actually installed Wordpress via an automated installer. So it's not 100% fool proof.

    And also consider this: Most often it's not an outdated Wordpress (as per this example) installation that gets hacked, but rather an outdated or insecure plugin, which the automated installer can't detect.

    You can use something like this: PHP script searches for malicious code on a hacked server or even better, Nessus security scanner as well.
     
  7. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,608
    Likes Received:
    32
    Trophy Points:
    238
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The issue anyway with using an automated installer is that those don't always have the most recent version of WordPress or whatever either. Scripts tend to update frequently. You might instead use some script to check the WordPress site for the most recent version and then scan the server each day for the existing versions.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice