Software Version Checker: Difference between revisions

From ULYSSIS documentation
No edit summary
 
(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Introduction==
==Introduction==
Content Management Systems, or CMS's, are easy tools to set up a website without requiring much programming or configuration. However, as is common in a lot of popular and wide-spread software, bugs or errors in the code occur. These errors can be exploited by hackers to gain access to websites or databases connected to those CMS's. Whenever a new update for a CMS, or other popular software (MediaWiki, PhpBB) is released, those hackers will try to implement them as fast as possible in order to hack the most websites. This is why it's critical to update a CMS, plugins/themes, or any related software as soon as the update comes out. To help you facilitate this, we have created a tool to help you keep the most popular software up-to-date. Currently this feature is only active if you have an organisation or student union (kring/facultair overlegorgaan) account.
Content Management Systems, or CMSs, are easy tools to set up a website without requiring much programming or configuration. However, as is common in a lot of popular and wide-spread software, bugs or errors in the code occur. These errors can be exploited by hackers to gain access to websites or databases connected to those CMSs. Whenever a new update for a CMS, or other popular software (MediaWiki, PhpBB) is released, hackers will know which security flaws have been fixed, and try to hack websites using this knowledge. This is why it's critical to update a CMS, plugins/themes, or any related software as soon as the update comes out. To help you facilitate this, we have created a tool to help you keep the most popular software up-to-date. Currently this feature is only active if you have an organisation or student union (kring/facultair overlegorgaan) account.


==I received an e-mail!==
==I received an e-mail!==
If you receive an e-mail from the CMS Version Checker, it's best you update the software mentioned in the e-mail as soon as possible. Make sure to download the latest public version, not just any newer version. It's also best to check if any other software you run is up-to-date: not all software is checked by the tool. (As seen below)
If you receive an e-mail from the Version Checker, it's best you update the software mentioned in the e-mail as soon as possible. Make sure to download the latest public version, not just any newer version. It's also best to check if any other software you run is up-to-date: not all software is checked by the tool (as seen below).


==Supported Software==
==Supported Software==
Line 13: Line 13:


==Operation==
==Operation==
In general, the CMS Version Checker performs the following steps:
In general, the Version Checker does the following:
* Retrieve all outdated software and respective locations from a database, and check their version
* Scan relevant files, detect supported software, and store in database
* Check the version and validity of outdated software
* Mail accounts using outdated software
* Mail accounts using outdated software
* Scan relevant files, detect supported software, and store in database


==Stored Data==
==Stored Data==
Line 22: Line 22:
* The location of the CMS, plugin/extension or theme
* The location of the CMS, plugin/extension or theme
* The responsible organisation or student union (kring/facultair overlegorgaan)
* The responsible organisation or student union (kring/facultair overlegorgaan)
* The personal account e-mail address
* The detected software version
* The detected software version
* The type and name of the software
* The type and name of the software
Line 29: Line 28:


==Ignored Paths==
==Ignored Paths==
The CMS Version Checker has a feature allowing ULYSSIS members to specify paths that will not be searched for software. If you believe you have software that should be ignored (for example certain custom plugins or themes), you are free to e-mail a request to ulyssis@ulyssis.org. Please list your account name, the location of the specific file(s), the nature of what is being detected, and a detailed description of the specific situation.
The Version Checker has a feature allowing ULYSSIS members to specify paths that will not be searched for software. If you believe you have software that should be ignored (for example certain custom plugins or themes), you are free to e-mail a request to ulyssis@ulyssis.org. Please list your account name, the location of the specific file(s), the nature of what is being detected, and a detailed description of the specific situation.
 
==Ignored Organisations/Student Unions==
In addition to the ignored paths feature, the Version Checker can also ignore specific Organisations or Student Unions entirely. This feature is possible on request, but only after extensive deliberation with ULYSSIS. Enabling this feature also carries possible consequences: no more mails about outdated software, ever (unless enabled on request), and no support if/when your account gets hacked (the account will be suspended immediately).
 
[[Category:CMSs]]
 
[[Category:Security & anti-spam]]

Latest revision as of 13:47, 16 April 2020

Introduction

Content Management Systems, or CMSs, are easy tools to set up a website without requiring much programming or configuration. However, as is common in a lot of popular and wide-spread software, bugs or errors in the code occur. These errors can be exploited by hackers to gain access to websites or databases connected to those CMSs. Whenever a new update for a CMS, or other popular software (MediaWiki, PhpBB) is released, hackers will know which security flaws have been fixed, and try to hack websites using this knowledge. This is why it's critical to update a CMS, plugins/themes, or any related software as soon as the update comes out. To help you facilitate this, we have created a tool to help you keep the most popular software up-to-date. Currently this feature is only active if you have an organisation or student union (kring/facultair overlegorgaan) account.

I received an e-mail!

If you receive an e-mail from the Version Checker, it's best you update the software mentioned in the e-mail as soon as possible. Make sure to download the latest public version, not just any newer version. It's also best to check if any other software you run is up-to-date: not all software is checked by the tool (as seen below).

Supported Software

  • Drupal, Drupal Modules, Drupal Themes
  • Joomla (Joomla Plugins are not supported yet)
  • MediaWiki (MediaWiki Extensions and Themes are not supported yet)
  • PhpBB, PhpBB Plugins, PhpBB Styles
  • WordPress, WordPress Plugins, WordPress Themes

Operation

In general, the Version Checker does the following:

  • Scan relevant files, detect supported software, and store in database
  • Check the version and validity of outdated software
  • Mail accounts using outdated software

Stored Data

The following data is stored in the database:

  • The location of the CMS, plugin/extension or theme
  • The responsible organisation or student union (kring/facultair overlegorgaan)
  • The detected software version
  • The type and name of the software
  • The update URL for the software
  • The date the entry was added

Ignored Paths

The Version Checker has a feature allowing ULYSSIS members to specify paths that will not be searched for software. If you believe you have software that should be ignored (for example certain custom plugins or themes), you are free to e-mail a request to ulyssis@ulyssis.org. Please list your account name, the location of the specific file(s), the nature of what is being detected, and a detailed description of the specific situation.

Ignored Organisations/Student Unions

In addition to the ignored paths feature, the Version Checker can also ignore specific Organisations or Student Unions entirely. This feature is possible on request, but only after extensive deliberation with ULYSSIS. Enabling this feature also carries possible consequences: no more mails about outdated software, ever (unless enabled on request), and no support if/when your account gets hacked (the account will be suspended immediately).