ATutor

Learning Management Tools


  1. Home



Pages:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15


Could not upgrading to 163 make a site vulnerable to hackers



  • 2009-09-04 21:18:27

    Could not upgrading to 163 make a site vulnerable to hackers

    I'm not posting this to cause alarm or anything, just an honest question.

    Earlier today my site was hacked and malicious code was injected into every .php file. After several hours of working with the webhost, it seems to be cleaned up now. However, they repeatedly encouraged me to "update my scripts" and mentioned ATutor specifically. I have 1.6.2 installed (and fully patched) and I have been resisting upgrading to 1.6.3 because I don't want to lose all of the modifications I've made to my installation.

    So, my question is: Could failing to upgrade to 1.6.3 leave a site vulnerable? Also, I'm not saying that the hackers got in via ATutor, although the webhost didn't rule it out.

    Thank you.


  • 2009-09-05 13:35:55

    Re: Could not upgrading to 1.6.3 make a site vulnerable to hackers?

    I'm sorry to hear about you site having been hacked.
    If you want to be absolutely sure about security, then you should indeed have the latest version with patches at any time. Re-applying changes can be cumbersome, but it's a necessary evil.

    Having said that, no serious security flaws in 1.6.3 have been publicly reported and patched so far, so I suppose that 1.6.2 remains fairly current in security respect.
    But finding such flaws is usually just a matter of time and, since ATutor doesn't publish patches for older versions, you should probably upgrade as soon as time permits you.