Expolitable scripts

[cranzi]

Why do people hesitate to keep their scripts updated and allow an area on their website open for any hacker to just wander in and take advantage of. Most places have cPanel and its really not hard to click an update button, so why are people being so lazy about it?

[eUKShane]

Hello,

Yeah. It is always recommended to update cpanel scripts when there's a notice in your WHM to do so, once you've checked out "cPanel Forums - Powered by vBulletin" that it's not a 'bad' update OR when there's a security issue that needs updating OR if the version you're using has a bug that can be remedied by an upgrade.

/scripts/upcp updates cPanel to the latest of whichever version you have it set to update, ie. edge, release or stable.

You just want to ensure that you've got the latest offerings of cpanel. As you can see there are a number of reasons why you might want to do so.

By default upcp script is scheduled to run once a day as a cron job, and once the update task is completed, crontab will automatically send a notification email to administrator or webmaster. If you don’t want to run it everyday then at least do it once in a week.

[mitchell]

I guess you're also talking about installed scripts (eg. blogs, forums, etc) and not just cPanel itself, right? Yeah, people do tend to neglect keeping their scripts up to date. The laziness factor is probably one reason, that and because people tend not to bother if something is working for them right now and will only see sense when it's already too late (ie. they've already been hacked). Another big reason, IMHO, is that may people use plugins and have customized their scripts to such an extent that upgrading it will break their website.

[crikee]

I heard that sometimes a host will hold off for a few days when Fantastico makers (netenberg?) release an updated copy of cpanel. This gives time to work the bugs out. And what happens if someone has cpanel but does not have WHM, can they still get updates?