    Using ModulesFactory's Proxmox module? There's a nasty exploit!
    Francisco Top Provider
    edited January 2016 in General

    Hello everyone,

    While doing an installation for a client today I found an exploit in ModulesFactory's Proxmox WHMCS Module that's quite nasty.

    I already contacted the developer about this but haven't heard back anything. I also don't know if they will bother emailing everyone to update. Either way, it's simply easier to help people patch up and keep safe.

    I've written a workaround patch but won't be releasing it to the public. Instead, if you're a provider and can prove you're using this, please email me at [email protected] or contact me on here and I'll provide you the patch. You can also skype me at 'deltaanime'.

    Thanks to @mitgib for helping me confirm & test.

    Francisco

    BuyVM - Dedicated KVM Slices / Anycast Support! / Stallion Control Panel / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address

    Comments

    • Uh oh.

      I believe that a number of providers are using this module. This could get very ugly, very quickly.


    • Francisco Top Provider

      @0xdragon said:
      Uh oh.

      I believe that a number of providers are using this module. This could get very ugly, very quickly.

      That's why I'd like people to contact me and get patched :)

      Francisco

    • Francisco said: I already contacted the developer about this but haven't heard back anything. I also don't know if they will bother emailing everyone to update. Either way, it's simply easier to help people patch up and keep safe.

      Good luck getting a response on that, I looked at this module 18 months ago and reported numerous issues including potential vulnerabilities.

      No response.

    • Francisco Top Provider

      @MarkTurner said:
      No response.

      Well, I confirmed, and patched, one of the big ones I found. :) It's a hackjob of a patch but it works well enough.

      Francisco

    • jmginer Member, Provider

      What kind of exploit? Full WHMCS / Proxmox access?

      Voxility DDoS protected BGP starting from 250 EUR/month. Contact us.
      SSD VPS in Spain ☛ 9.99€/year ★ We accept Bitcoins! ★ DMCA ignore ★
    • @francisco

      Why not just drop in a download link to the patch for everyone? You are kind enough to notify us all about a serious ongoing issue, but the solution to it that you have created will not be published publicly? Is there any reason behind that?

    • 0xdragon said: This could get very ugly, very quickly.

      All they have to do is kiss Fran's ring and they will be made ;)

      Hostigation High Resource Hosting - SolusVM KVM VPS / Proxmox OpenVZ VPS- Low Cost Comodo SSL Certificates
    • Francisco Top Provider

      @Mark_R said:
      francisco

      Why not just drop in a download link to the patch for everyone? You are kind enough to notify us all about a serious ongoing issue, but the solution to it that you have created will not be published publicly? Is there any reason behind that?

      Because then where the issue is, is now in the wild and unsuspecting hosts could get popped.

      Francisco

    • Francisco Top Provider

      @jmginer said:
      What kind of exploit? Full WHMCS / Proxmox access?

      It's a nasty exploit, I'll leave it at that.

      Francisco

    • GM2015 Member
      edited January 2016

      I'm giving Proxmox a try this afternoon. Looks easy enough to install over Debian 8.

      Francisco said: Tagged: proxmox praisepony


      Go give Vultr(referral) a try. | GNU/Linux http://debian.org

    • Francisco Top Provider
      edited January 2016

      @GM2015 said:

      praisepony

      Francisco

    • Francisco said: Well, I confirmed, and patched, one of the big ones I found. :) It's a hackjob of a patch but it works well enough.

      Just don't use it at all, it's safer all round.

    • Francisco Top Provider

      @MarkTurner said:
      Just don't use it at all, it's safer all round.

      Well, for once one of my threads isn't to criticize other hosts, it's just to lend a helping hand. ;)

      Francisco

    • Decency towards other hosts was never MarkTurner's strong side...


      "Actually, throughout my life, my two greatest assets have been mental stability and being, like, really smart.", Stephen Hawking, 2017. Join the Amitz party here.

    • Francisco Top Provider
      edited January 2016

      @Amitz said:
      Decency towards other hosts was never MarkTurner's strong side...

      To be fair it isn't mine half the time either.

      Francisco

    • raindog308 Moderator
      edited January 2016

      miTgiB said: All they have to do is kiss Fran's ring and they will be made ;)

      BuyExploit, a new FranTech offering.

      image

      image

      For LET support, please visit the interim support desk.

    • raindog308 said: BuyExploit, a new FranTech offering.

      Have you seen a picture of Fran? He is a good looking man(nohomo), but reminds me of a gangster from pre-WWII movies, but maybe it is just me.

    • @raindog308 said:
      image

      ponysploits.com - A Frantech Brand


      My comments are mine and mine alone, and do not reflect the opinion of my business

    • miTgiB said: Have you seen a picture of Fran? He is a good looking man(nohomo), but reminds me of a gangster from pre-WWII movies, but maybe it is just me.

      Post/reply race condition :-) Updated my post with a pic of Don Francisco.


    • GCat said: ponysploits.com - A Frantech Brand

      You forgot coming soon™

    • @miTgiB said:
      You forgot coming soon™

      I feel he's way more elegant in his topless towel photo.

      vrtz.net Cheap VPS Servers Offers - now with EXCLUSIVE offers! (all links are aff links)
      $12/year HostUS Deal (768MB RAM+768MB vSwap)$11.29/year GestionDBI Deal (768MB RAM)

    • Dear Francisco,
      Thank you, we received your report and have released a patch version 1.3.4.9.1 to address the vulnerability. Patch available for customers to download in their clientarea.

      Thanks
      Mohamed.
      Modules Factory.

    • Francisco said: Well, for once one of my threads isn't to criticize other hosts, it's just to lend a helping hand. ;)

      It's not a hosting issue, it's just that this vendor's modules always appear to be very rushed/sloppy, lack quality control, and they don't respond to bug reports even when the functionality of the module is non-existent.

      Amitz said: Decency towards other hosts was never MarkTurner's strong side...

      Maybe you mean 'respect' not 'decency'. Respect has to be earned on all sides, it starts by doing the best you can do everyday and when things go wrong, learn from it and do your utmost to ensure it doesn't happen again. The people I complain about just keep doing the same thing day after day. The cerebrum isn't in gear.

    • MarkTurner said: Maybe you mean 'respect' not 'decency'. Respect has to be earned on all sides, it starts by doing the best you can do everyday and when things go wrong, learn from it and do your utmost to ensure it doesn't happen again. The people I complain about just keep doing the same thing day after day. The cerebrum isn't in gear.

      No, I was indeed talking about decency. ;-)
      But I must admit that my definition of "business decency" is based on a completely different industry. The hosting industry follows other rules than the one I am in. But we do not have to deepen this. In fact, I just wanted to aggravate you a bit. For the fun. You know, like in a pub when someone is making a half-serious joke just for the lolz. ;-)
      Have a beer. It's on me.


    • Amitz said: No, I was indeed talking about decency. ;-)

      Decency - 'behavior that conforms to accepted standards of morality or respectability.'

      Borderline ;) But for the industry, probably better than most.

      But I must admit that my definition of "business decency" is based on a completely different industry.

      This industry, like the telecoms sector, is a cesspit. The concept of being a gentleman is completely absent.

      The hosting industry follows other rules than the one I am in. But we do not have to deepen this. In fact, I just wanted to aggravate you a bit. For the fun. You know, like in a pub when someone is making a half-serious joke just for the lolz. ;-)
      Have a beer. It's on me.

      Thanks :)

    • ModulesFactory said: released a patch version 1.3.4.9.1 to address the vulnerability.

      I have tested the patch, and it does work as advertised.

    • key900 Member, Provider

      We've been using this module lately for KVM and it seems fixed now.

      Thanks

      *LetBox.Com Make it Simple, Dallas & Los Angeles - Pure NVMe + Block Storage Boxes!. Discord Community https://discord.gg/g6dqjmm
    • cassa Member, Provider
      Proxmox VPS For WHMCS Changelog – v.2.1.0: 
      New Feature: Automatic IP address assignment - KVM virtualization
      Improvement: Automatically boot VM after reinstallation
      Improvement: IP Manager For WHMCS integration
      Improvement: Optimize server RAM usage retrieval process - Proxmox Addon
      Removed: 'Backup Storage' custom field - not used any more
      Bug Fix: Backups limits not respected
      Bug Fix: Upgrade VM after clone

      Not sure if they just ignored you or they don't want to show they had a vulnerability

      I need to poop

    • Jonchun Member, Provider

      @cassa said:

      > Proxmox VPS For WHMCS Changelog – v.2.1.0: 
      > New Feature: Automatic IP address assignment - KVM virtualization
      > Improvement: Automatically boot VM after reinstallation
      > Improvement: IP Manager For WHMCS integration
      > Improvement: Optimize server RAM usage retrieval process - Proxmox Addon
      > Removed: 'Backup Storage' custom field - not used any more
      > Bug Fix: Backups limits not respected
      > Bug Fix: Upgrade VM after clone

      Not sure if they just ignored you or they don't want to show they had a vulnerability

      ModulesFactory said: released a patch version 1.3.4.9.1 to address the vulnerability.

      They acknowledged it.

    • qps Member, Provider

      cassa said: Not sure if they just ignored you or they don't want to show they had a vulnerability

      You are confusing ModulesGarden with ModulesFactory.

    • cassa Member, Provider

      Whoops, nvm then :D

