Without knowing the OS and patch version number, whether or not a company uses PHP 5.3 is completely irrelevant to how secure they are.<p>Ubuntu 12.04 LTS ships with PHP 5.3.10, and has been backporting security fixes since the PHP project EOL'd it. This will continue until April 2017.<p>RHEL 6 and CentOS 6 both support PHP 5.3.3, and will continue to do so for the remainder of their impressively long support cycle, until November 2020.<p>There's been a lot of FUD about outdated PHP versions going around in some circles, and I'm frankly very annoyed by it. Free and open-source software aren't like Windows XP. The original developer(s) announced EOL, so what? I'm under no obligation to get my PHP interpreter from the original developer(s), I get it from Red Hat and/or Canonical.<p>The whole point of having a stable Linux distribution is so that you can stop worrying about upstream EOL issues. Heck, RHEL/CentOS have even been backporting security fixes for PHP 5.1.6, not that any sane person would want to use that dinosaur of a version.<p>Some of the hosts on that list, however, are indeed using dangerously outdated PHP versions. Feel free to name and shame them.
I wonder if anyone bothered to contact the hosters? If not I think this is in poor taste. As far as I'm concerned when you see issues like this the right thing to do is to reach out to said companies, detail the problem you found and give them some time to fix it before setting up a wall of shame.<p>Besides that, being up to date with software patches is hardly the only measurement of good security. The fact that some hosters don't even provide 2FA for your account would have me equally if not more worried, as would their practices regarding storing data and credentials.
> sometimes see that their front page has outdated PHP, as in 5.3 old. EOL for 11 months. That really bothers me. How can I rely on their security when their frontpage isn’t even up-to-date.<p>Errr... are you determining that the software is vulnerable through the version number alone? That won't work, some vendors backport security patches.