TEST Software Version Checker: Difference between revisions

From ULYSSIS documentation
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Introduction==
==Introduction==
Nieuw :
Many of our users use the same popular software to run their website. However, as is common in popular and widespread software, various bugs or errors can occur in the program. These flaws can be exploited by hackers to gain access to websites or databases.


Many of our users use the same populair software. However, as is common in many popular and widespread software, various bug or errors can occur in the program. These flaws can be exploited by hackers to gain access to websites or databases connected.
Whenever a new update is released for any popular software (e.g., WordPress, MediaWiki, Joomla) hackers will find out which security flaws have been patched, and using this knowledge, they try to find users who haven't updated their software, to gain access to the websites or databases. This is the reason why it is so critical to update the software itself,  plugins, themes, or any related software as soon as the updates roll out. To help facilitate this and prevent security breaches, we have created a tool, the Software Version Checker, to help you keep the most commonly used software up-to-date. Currently, this feature is only active if you have an organization or student union account.
==What to do when you receive an e-mail==
When you receive an e-mail from the Software Version Checker, it is of utmost importance to update the software mentioned in the e-mail. It is also the best time to check if the other software you use is up-to-date. As mentioned below, our tool does not check all software.


Whenever a new update is released for any other popular software (E.g., Wordpress, MediaWiki, Joomla) hackers will find out which security flaws have been patched, and with this knowledge, they try to find new systems flaws to gain access to the websites or databases. This is the reason why it is so critical to update the software itself,  plugins, themes, or any related software as soon as the updates roll out. To help facilitate this and prevent security breaches, we have created a tool to help you keep the most used software up-to-date. Currently, this feature is only active if you have an organization or student union  account.
You can find more information [[Updating WordPress|here]] on how to automate this for WordPress to save a lot of time and effort. Since updating MediaWiki can be a somewhat daunting process, we have made a more detailed guide available on [[Updating MediaWiki]].  
 
oud:
 
Content Management Systems, or CMSs, are easy tools to set up a website without requiring much programming or configuration. However, as is common in a lot of popular and wide-spread software, bugs or errors in the code occur. These errors can be exploited by hackers to gain access to websites or databases connected to those CMSs. Whenever a new update for a CMS, or other popular software (MediaWiki, PhpBB) is released, hackers will know which security flaws have been fixed, and try to hack websites using this knowledge. This is why it's critical to update a CMS, plugins/themes, or any related software as soon as the update comes out. To help you facilitate this, we have created a tool to help you keep the most popular software up-to-date. Currently this feature is only active if you have an organisation or student union (kring/facultair overlegorgaan) account.
==I received an e-mail!==
If you receive an e-mail from the Version Checker, it's best you update the software mentioned in the e-mail as soon as possible. Make sure to download the latest public version, not just any newer version. It's also best to check if any other software you run is up-to-date: not all software is checked by the tool (as seen below).
==Supported Software==
==Supported Software==
*Drupal, Drupal Modules, Drupal Themes
Sadly not every piece of software can be supported. Because of this, we have decided to choose the most popular software, since they are more likely to get security breaches. 
*Joomla (Joomla Plugins are not supported yet)
*Drupal (including modules and themes)
*MediaWiki (MediaWiki Extensions and Themes are not supported yet)
*Joomla (Plugins are not supported)  
*PhpBB, PhpBB Plugins, PhpBB Styles
*MediaWiki (MediaWiki Extensions and Themes are not supported)
*WordPress, WordPress Plugins, WordPress Themes
*phpBB (including plugins and styles)
==Operation==
*WordPress (including plugins and themes)
In general, the Version Checker does the following:
==Functionality of the Software Version Checker==
The Software Version Checker fulfills the following functions :
*Scan relevant files, detect supported software, and store in database
*Scan relevant files, detect supported software, and store in database
*Check the version and validity of outdated software
*Check the version and validity of outdated software
*Mail accounts using outdated software
*Notify accounts that are using outdated software
==Stored Data==
The Software Version Checker does this once every day.
The following data is stored in the database:
 
*The location of the CMS, plugin/extension or theme
==Ignoring specific software==
*The responsible organisation or student union (kring/facultair overlegorgaan)
The Software Version Checker allows specified paths to be excluded from its search. If you believe you have software that should be ignored (for example certain custom plugins or themes), you are free to e-mail a request to ulyssis@ulyssis.org. Please list your account name, the location of the specific file(s), the nature of what is being detected, and a detailed description of the specific situation.
*The detected software version
==Ignoring Organisations/Student Unions==
*The type and name of the software
The Software Version Checker also allows our users to ignore specific Organisations or Student Unions entirely. This feature is possible on request, but only after extensive deliberation with ULYSSIS. Enabling this feature also has possible consequences; no more mails about software that is outdated, unless it is enabled on request, and no possible support if the user's account gets hacked. If the account does get hacked it will be suspend immediately.
*The update URL for the software
*The date the entry was added
==Ignored Paths==
The Version Checker has a feature allowing ULYSSIS members to specify paths that will not be searched for software. If you believe you have software that should be ignored (for example certain custom plugins or themes), you are free to e-mail a request to ulyssis@ulyssis.org. Please list your account name, the location of the specific file(s), the nature of what is being detected, and a detailed description of the specific situation.
==Ignored Organisations/Student Unions==
In addition to the ignored paths feature, the Version Checker can also ignore specific Organisations or Student Unions entirely. This feature is possible on request, but only after extensive deliberation with ULYSSIS. Enabling this feature also carries possible consequences: no more mails about outdated software, ever (unless enabled on request), and no support if/when your account gets hacked (the account will be suspended immediately).

Latest revision as of 09:13, 26 October 2023

Introduction

Many of our users use the same popular software to run their website. However, as is common in popular and widespread software, various bugs or errors can occur in the program. These flaws can be exploited by hackers to gain access to websites or databases.

Whenever a new update is released for any popular software (e.g., WordPress, MediaWiki, Joomla) hackers will find out which security flaws have been patched, and using this knowledge, they try to find users who haven't updated their software, to gain access to the websites or databases. This is the reason why it is so critical to update the software itself, plugins, themes, or any related software as soon as the updates roll out. To help facilitate this and prevent security breaches, we have created a tool, the Software Version Checker, to help you keep the most commonly used software up-to-date. Currently, this feature is only active if you have an organization or student union account.

What to do when you receive an e-mail

When you receive an e-mail from the Software Version Checker, it is of utmost importance to update the software mentioned in the e-mail. It is also the best time to check if the other software you use is up-to-date. As mentioned below, our tool does not check all software.

You can find more information here on how to automate this for WordPress to save a lot of time and effort. Since updating MediaWiki can be a somewhat daunting process, we have made a more detailed guide available on Updating MediaWiki.

Supported Software

Sadly not every piece of software can be supported. Because of this, we have decided to choose the most popular software, since they are more likely to get security breaches.

  • Drupal (including modules and themes)
  • Joomla (Plugins are not supported)
  • MediaWiki (MediaWiki Extensions and Themes are not supported)
  • phpBB (including plugins and styles)
  • WordPress (including plugins and themes)

Functionality of the Software Version Checker

The Software Version Checker fulfills the following functions :

  • Scan relevant files, detect supported software, and store in database
  • Check the version and validity of outdated software
  • Notify accounts that are using outdated software

The Software Version Checker does this once every day.

Ignoring specific software

The Software Version Checker allows specified paths to be excluded from its search. If you believe you have software that should be ignored (for example certain custom plugins or themes), you are free to e-mail a request to ulyssis@ulyssis.org. Please list your account name, the location of the specific file(s), the nature of what is being detected, and a detailed description of the specific situation.

Ignoring Organisations/Student Unions

The Software Version Checker also allows our users to ignore specific Organisations or Student Unions entirely. This feature is possible on request, but only after extensive deliberation with ULYSSIS. Enabling this feature also has possible consequences; no more mails about software that is outdated, unless it is enabled on request, and no possible support if the user's account gets hacked. If the account does get hacked it will be suspend immediately.