Virtuemart Expert

Hundreds of osCommerce shops have been hacked and are now used to spread malware and trojans. According to heise.de (a large german IT-magazine), the hackers used a security whole in osCommerce that has been fixed nine months ago!

OK, you might not use osCommerce - but this leads to the question "When did you last update your site"? Are Joomla, Virtuemart and other extensions on your site up to date? If not, this might be a possible risk for you and (more important) for your users.

When we are asked to work on Joomla/Virtuemart sites, we often see old versions in use. Often, the shopowner is not aware that there are update or he is afraid to install it (maybe it might break the site). To be honest, it is your job to keep the site updated! If you can't do it on your own, let somebody do it for you. It is not so difficult to set up a copy of the live-site to test the update and there are tool to create backups to be safe if something goes wrong.

Unfortunately, a lot of sites use core-hacks for special functions. Mostly, these functions could have been created without hacking the code - but at least it should have been documented so that you know the changed files and are able to compare with the patch files. As a last help, there are "Diff-Tools" that can check differences in whole directory trees.

If you don't have Joomla 1.5.23 and Virtuemart 1.1.9 installed**, you should update NOW!

** the newest versions when this blogpost was written

TrackBack URI for this entry

Comments (0)