Using ModulesFactory's Proxmox module? There's a nasty exploit!

Francisco Top Provider
edited January 2016 in General

Hello everyone,

While doing an installation for a client today I found an exploit in ModulesFactory's Proxmox WHMCS Module that's quite nasty.

I already contacted the developer about this but haven't heard back anything. I also don't know if they will bother emailing everyone to update. Either way, it's simply easier to help people patch up and keep safe.

I've written a workaround patch but won't be releasing it to the public. Instead, if you're a provider and can prove you're using this, please email me at [email protected] or contact me on here and I'll provide you the patch. You can also skype me at 'deltaanime'.

Thanks to @mitgib for helping me confirm & test.

Francisco

BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address

Comments

  • Uh oh.

    I believe that a number of providers are using this module. This could get very ugly, very quickly.

    This signature wasted 121 bytes of your data allocation.

    https://nixstats.com/report/56b53d6465689e44598b4567

  • Francisco Top Provider

    @0xdragon said:
    Uh oh.

    I believe that a number of providers are using this module. This could get very ugly, very quickly.

    s'why i'd like people to contact me and get patched :)

    Francisco

  • Francisco said: I already contacted the developer about this but haven't heard back anything. I also don't know if they will bother emailing everyone to update. Either way, it's simply easier to help people patch up and keep safe.

    Good luck getting a response on that, I looked at this module 18 months ago and reported numerous issues including potential vulnerabilities.

    No response.

  • Francisco Top Provider

    @MarkTurner said:
    No response.

    Well, I confirmed, and patched, one of the big ones I found. :) It's a hackjob of a patch but it works well enough.

    Francisco

  • jmginer Member, Provider

    What kind of exploit? Full WHMCS / Proxmox access?

    Voxility DDoS protected BGP starting from 250 EUR/month. Contact us.
    VPS in Spain ☛ 5.99€/month ★ We accept Bitcoins! ★ DMCA ignore ★
  • @francisco

    why not just drop in a download link to the patch for everyone? you are kind enough to notify us all about a serious ongoing issue but the solution to it that you have created will not be published publicly? is there any reason behind that?

  • 0xdragon said: This could get very ugly, very quickly.

    All they have to do is kiss Fran's ring and they will be made ;)

    Hostigation High Resource Hosting - SolusVM KVM VPS / Proxmox OpenVZ VPS- Low Cost Comodo SSL Certificates
  • Francisco Top Provider

    @Mark_R said:
    francisco

    why not just drop in a download link to the patch for everyone? you are kind enough to notify us all about a serious ongoing issue but the solution to it that you have created will not be published publicly? is there any reason behind that?

    Because then where the issue is would be out in the wild, and unsuspecting hosts could get popped.

    Francisco

  • Francisco Top Provider

    @jmginer said:
    What kind of exploit? Full WHMCS / Proxmox access?

    It's a nasty exploit, I'll leave it at that.

    Francisco

  • GM2015 Member
    edited January 2016

    I'm giving Proxmox a try this afternoon. Looks easy enough to install over Debian 8.

    Francisco said: Tagged: proxmox praisepony


    Go give Vultr(referral) a try. | GNU/Linux http://debian.org

  • Francisco Top Provider
    edited January 2016

    @GM2015 said:

    praisepony

    Francisco

  • Francisco said: Well, I confirmed, and patched, one of the big ones I found. :) It's a hackjob of a patch but it works well enough.

    Just don't use it at all, it's safer all round

  • Francisco Top Provider

    @MarkTurner said:
    Just don't use it at all, it's safer all round

    Well, for once one of my threads isn't to criticize other hosts, it's just to lend a helping hand. ;)

    Francisco

  • Decency towards other hosts was never MarkTurner's strong side...


    For those who care:
    You can now find me at https://talk.lowendspirit.com or https://www.hostballs.com

  • Francisco Top Provider
    edited January 2016

    @Amitz said:
    Decency towards other hosts was never MarkTurner's strong side...

    To be fair it isn't mine half the time either.

    Francisco

  • raindog308 Moderator
    edited January 2016

    miTgiB said: All they have to do is kiss Fran's ring and they will be made ;)

    BuyExploit, a new FranTech offering.

    image

    image

    For LET support, please visit the support desk.

  • raindog308 said: BuyExploit, a new FranTech offering.

    Have you seen a picture of Fran? He is a good looking man (nohomo), but reminds me of a gangster from pre-WWII movies, but maybe it is just me.

  • @raindog308 said:
    image

    ponysploits.com - A Frantech Brand


    My comments are mine and mine alone, and do not reflect the opinion of my business

  • miTgiB said: Have you seen a picture of Fran? He is a good looking man (nohomo), but reminds me of a gangster from pre-WWII movies, but maybe it is just me.

    Post/reply race condition :-) Updated my post with a pic of Don Francisco.


  • GCat said: ponysploits.com - A Frantech Brand

    You forgot coming soon™

  • @miTgiB said:
    You forgot coming soon™

    I feel he's way more elegant in his topless towel photo.

    vrtz.net Cheap VPS Servers Offers - now with EXCLUSIVE offers! (all links are aff links)
    $12/year HostUS Deal (768MB RAM+768MB vSwap)$11.29/year GestionDBI Deal (768MB RAM)

  • Dear Francisco,
    Thank you, we received your report and have released a patch version 1.3.4.9.1 to address the vulnerability. Patch available for customers to download in their clientarea.

    Thanks
    Mohamed.
    Modules Factory.

  • Francisco said: Well, for once one of my threads isn't to criticize other hosts, it's just to lend a helping hand. ;)

    It's not a hosting issue, it's just that this vendor's modules always appear to be very rushed/sloppy, lack quality control, and they don't respond to bug reports even when the functionality of the module is non-existent.

    Amitz said: Decency towards other hosts was never MarkTurner's strong side...

    Maybe you mean 'respect' not 'decency'. Respect has to be earned on all sides, it starts by doing the best you can do everyday and when things go wrong, learn from it and do your utmost to ensure it doesn't happen again. The people I complain about just keep doing the same thing day after day. The cerebrum isn't in gear.

  • MarkTurner said: Maybe you mean 'respect' not 'decency'. Respect has to be earned on all sides, it starts by doing the best you can do everyday and when things go wrong, learn from it and do your utmost to ensure it doesn't happen again. The people I complain about just keep doing the same thing day after day. The cerebrum isn't in gear.

    No, I was indeed talking about decency. ;-)
    But I must admit that my definition of "business decency" is based on a completely different industry. The hosting industry follows other rules than the one I am in. But we do not have to deepen this. In fact, I just wanted to aggravate you a bit. For the fun. You know, like in a pub when someone is making a half-serious joke just for the lolz. ;-)
    Have a beer. It's on me.


  • Amitz said: No, I was indeed talking about decency. ;-)

    Decency - 'behavior that conforms to accepted standards of morality or respectability.'

    Borderline ;) But for the industry, probably better than most.

    Amitz said: But I must admit that my definition of "business decency" is based on a completely different industry.

    This industry, like the telecoms sector, is a cesspit. The concept of being a gentleman is completely absent.

    Amitz said: The hosting industry follows other rules than the one I am in. But we do not have to deepen this. In fact, I just wanted to aggravate you a bit. For the fun. You know, like in a pub when someone is making a half-serious joke just for the lolz. ;-)
    Have a beer. It's on me.

    Thanks :)

  • ModulesFactory said: released a patch version 1.3.4.9.1 to address the vulnerability.

    I have tested the patch, and it does work as advertised.

  • key900 Member, Provider

    We've been using this module lately for KVM and it seems fixed now.

    Thanks

    *LetBox.Com Make it Simple, Dallas & Los Angeles - Pure NVMe + Block Storage Boxes!. Discord Community https://discord.gg/g6dqjmm
  • cassa Member, Provider
    Proxmox VPS For WHMCS Changelog – v.2.1.0: 
    New Feature: Automatic IP address assignment - KVM virtualization
    Improvement: Automatically boot VM after reinstallation
    Improvement: IP Manager For WHMCS integration
    Improvement: Optimize server RAM usage retrieval process - Proxmox Addon
    Removed: 'Backup Storage' custom field - not used any more
    Bug Fix: Backups limits not respected
    Bug Fix: Upgrade VM after clone
    

    Not sure if they just ignored you or they don't want to show they had a vulnerability

    ik moet poepen

  • Jonchun Member, Provider

    @cassa said:

    > Proxmox VPS For WHMCS Changelog – v.2.1.0: 
    > New Feature: Automatic IP address assignment - KVM virtualization
    > Improvement: Automatically boot VM after reinstallation
    > Improvement: IP Manager For WHMCS integration
    > Improvement: Optimize server RAM usage retrieval process - Proxmox Addon
    > Removed: 'Backup Storage' custom field - not used any more
    > Bug Fix: Backups limits not respected
    > Bug Fix: Upgrade VM after clone
    > 

    Not sure if they just ignored you or they don't want to show they had a vulnerability

    ModulesFactory said: released a patch version 1.3.4.9.1 to address the vulnerability.

    They acknowledged it.

  • qps Member, Provider

    cassa said: Not sure if they just ignored you or they don't want to show they had a vulnerability

    You are confusing ModulesGarden with ModulesFactory.

  • cassa Member, Provider

    Whoops, nvm then :D

