Using PHP v5 becomes dangerous in 6 weeks
WordPress, Joomla, Drupal and many other popular website content management systems (CMSs) are written in a programming language called PHP. PHP version 5 is about to reach end-of-life and will stop receiving security updates in two months. Many WordPress and other PHP websites remain on version 5.6 or older. Once support for PHP 5 ends, these sites will be in a precarious position: any new PHP 5 vulnerability that emerges will go unpatched and leave them exploitable.
What is End-Of-Life or ‘EOL’ in Software?
When a software product reaches EOL, it is no longer supported by software developers. That means that, even if someone finds a security hole in the software, the developers will not fix it.
If a development team is productive, they will release many versions of the software they work on over time. It becomes impractical to support every version of the code ever released. So a compromise needs to be made.
This compromise is that the development team will only support their software for a certain amount of time. After that time has elapsed, the development team suggests that the user community upgrade to a newer version of the same software, which usually does things better than the old versions and is fully supported.
Is PHP Version 5 going to be EOL soon?
Yes. PHP version 5 will be declared End-Of-Life on January 1st, 2019. That is, in approximately 6 weeks at the time of writing.
If you think you still have time, you are sorely mistaken. Malicious actors have already started probing websites that are running PHP v5.6 and older by testing for shell upload vulnerabilities.
Shell upload vulnerabilities allow an attacker to upload a malicious PHP file and execute it by accessing it via a web browser. The “shell” is a PHP script that allows the attacker to control the server: essentially a backdoor program, similar in functionality to a trojan for personal computers. If the attacker can upload this shell to a website, they can control the application server. Shell upload vulnerabilities are very easy to find and exploit in PHP. File uploads are usually handled by the move_uploaded_file() function, so searching for calls to that function can reveal code that might be vulnerable.
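A triage pass of the kind described above, as an added example (not code from the original article): it lists each move_uploaded_file() call in your own code and marks those whose destination path is built from the client-supplied $_FILES[...]['name']. The PHP sample, paths and variable names are constructed, and the check is a heuristic that does not follow function calls or includes.

```python
import re

# Constructed PHP sample for illustration; not taken from any real project.
SAMPLE_PHP = r'''<?php
$dest = "uploads/" . $_FILES['avatar']['name'];
move_uploaded_file($_FILES['avatar']['tmp_name'], $dest);
$safe = "/srv/store/" . bin2hex(random_bytes(16)) . ".pdf";
if (move_uploaded_file($_FILES['report']['tmp_name'], $safe)) { echo "ok"; }
move_uploaded_file($_FILES['f']['tmp_name'], "files/" . $_FILES['f']['name']);
'''

CALL = re.compile(r"\bmove_uploaded_file\s*\(")
VAR = re.compile(r"\$\w+")
ASSIGN = re.compile(r"(\$\w+)\s*\.?=(?![=>])([^;]*);")
CLIENT_NAME = re.compile(r"\$_FILES\s*\[[^\]]+\]\s*\[\s*['\"]name['\"]\s*\]")

def call_args(text, start):
    """Split the argument list that starts at text[start], just after '('."""
    args, depth, quote, cur = [], 0, None, ""
    for ch in text[start:]:
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            if depth == 0:  # closing paren of the call itself
                break
            depth -= 1
        if ch == "," and depth == 0 and not quote:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return args + [cur.strip()]

def audit(source):
    """Return (line, destination, needs_review) for each upload call."""
    tainted = set()  # variables built from the client-supplied file name
    for var, expr in ASSIGN.findall(source):
        if CLIENT_NAME.search(expr) or tainted & set(VAR.findall(expr)):
            tainted.add(var)
    findings = []
    for m in CALL.finditer(source):
        dest = (call_args(source, m.end()) + [""])[1]  # second argument
        risky = bool(CLIENT_NAME.search(dest) or tainted & set(VAR.findall(dest)))
        findings.append((source.count("\n", 0, m.start()) + 1, dest, risky))
    return findings
```

A flagged call is a starting point for manual review (extension allow-list, server-generated file names, upload directory outside the web root), not proof of a vulnerability.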
Through Mjolnir’s leading Threat Intelligence platform, our investigators are tracking malicious actors probing and making lists of vulnerable websites.
We searched the last 60 days to identify all the attacks where c100.php was queried. Our findings show an uptick in the frequency of attacks from 14 October 2018, which perfectly coincides with articles such as “PHP 5 End of Life is upon us; why you should care” appearing in the news. As the malicious actors learn of the impending security weakness, they have started flexing their muscles, so to speak. Check the graph below:
The targeted websites look concentrated in the United States, but that does not mean the United States is the biggest victim: most of the world’s websites are hosted in data centers physically located in the United States.
If you are unsure of your current website’s PHP version or are interested in learning more about how you can be protected, get in touch with us!
The full list of targeted countries is here:
| Country | Count |
|---|---|
| Virgin Islands (British) | 825 |
| United Arab Emirates | 320 |
| Bosnia And Herzegovina | 9 |
| Saint Kitts And Nevis | 3 |
| Isle Of Man | 2 |
| Occupied Palestinian Territory | 2 |
Read more on shell vulnerabilities here: https://blog.securityinnovation.com/blog/2014/01/preventing-shell-upload-vulnerabilities-in-php.html