Lunarpages Web Hosting Forum

Author Topic: Softaculous forced scripts upgrades  (Read 7329 times)

Offline razor7

  • Newbie
  • *
  • Posts: 3
Softaculous forced scripts upgrades
« on: May 29, 2018, 04:26:16 AM »
Hi! I've received this email and got a joomla! production site down because of this nonsense abuse!

Quote
Hello,

Please read this email carefully as it contains actions
items that need immediate attention from you.

As we continue to increase the security of our network,
it has become necessary for us to force the upgrades of
many
scripts. Many of these outdated scripts create
vulnerabilities that can be avoided.

Beginning on Tuesday May 7, 2018, we will begin the
process of updating all scripts on our shared server
environment. Any scripts that were installed using
Softaculous will naturally be updated. Any scripts that
were
installed manually will be imported into Softaculous and
managed through that interface...

I need to know how to disable this nonsense! As you clearly know, you can't upgrade PHP scripts as you want, because they may broke the entire website! In many cases the update may turn into an upgrade that the client may refuse to pay for, I mean, updating joomla! is not just drop in the new version of the system, it means to check everything is working as expected, after the update, then double check new plugin versions and do the update for those too, do the same for components and recheck all again, if something fails, and believe me, it will, do the necessary changes to get all working together again and after 2 or 3 days of hard work, you got an upgraded joomla! site and expect no payment from your customer, because no one pays for upgrading something it was working flawlessly. To do this on a double secured site that is in production and working well is a no go!

In my case I have double secured all sites by enabling CloudFlare DNS security and installed joomla! security plugins like OSESecure and jHackGuard.

I think that doing compulsive upgrades this from your end to a customer worth 10 years of loyalty is a real abuse!

Please reconsider this and let us, at least, choose to disable this "feature"!

Thanks!

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6331
Re: Softaculous forced scripts upgrades
« Reply #1 on: May 29, 2018, 05:33:51 AM »
Further discussion see also https://www.lunarforums.com/index.php?topic=100522.0

As feared, the forced upgrades are breaking working sites. The only alternative to LP going in and manually updating sites (which they don't have the expertise or manpower to do) would be to disable sites until upgraded by the owners. It's more stick than carrot, but I don't know what else could be done when most site owners refuse to upgrade insecure applications on their own.

LP wiped out (erased) an old heavily modified osCommerce installation of mine that wasn't in active use (and it wasn't installed via Softaculous, either). I still have a backup of it if I decide I need to get it back. You do have a backup of your site, don't you? I have no idea how often LP intends to sweep through and forcibly upgrade site software, but I suspect it won't be a one-time event, so restoring your site may give you only a brief reprieve.

LP's intentions are certainly good, to improve system security by getting rid of backlevel applications, but I don't know how it could be done in a more customer-friendly way. Left to their own ways, most LP customers will ignore pleas to upgrade their applications, so the sledgehammer approach may be the only practical course.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-