New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Here we go again
I've lost count of how many times this has happened.
Look at Curtis still rocking that ioncube decoder. Site isn't loading for me....good.
But someone write a mod_security rule, please. I'm not good there.
Now everyone sits without a billing system until they fix it... This is why writing your own code in house makes sense in some cases especially when the software available for purchase is so poorly written.
You should remove the link to the exploit. Make people work for it.
This link is posted on all the major forums and a quick Google search reveals the exploit. I would remove it but I don't think it will make a difference at all.
is impossible
very stupid idea leaving the direct link.
I hope cvps disable that now, they are one major malicious guys attraction
Link removed.
It is not useful to remove it. Ppl that look for that know about it already and already used it.
I agree but others have suggested removing the link. All the providers should know about this already.
ETA on a fix from them yet?
This could be a major ball*che for alot of providers & clients.
Come on guys, the vuln isn't secret at all and has been out for many hours now:
http://localhost.re/p/whmcs-527-vulnerability
Also:
http://webcache.googleusercontent.com/search?safe=off&output=search&sclient=psy-ab&q=cache:http://lowendtalk.com/discussion/14347/whmcs-5-2-7-vulnerability&oq=cache:http://lowendtalk.com/discussion/14347/whmcs-5-2-7-vulnerability
You cannot hide things on the internet today, only some retarded governments living in the caveman era still believe that court orders and show-trials on trumped up charges can hide information.
http://vpsboard.com/topic/2140-new-whmcs-exploit/?p=32967
I am the first one affected since many providers I use are vulnerable right now. But trying to hide something like this isn't going to work at all.
Our WHMCS is blocked now.
This is pathetic.
Just hoping this will not take days to fix.
Will throwing WHMCS into maintenance mode be enough?
Probably. I'd recommend shutting off access to your WHMCS altogether though.
This isn't Curtis, this is the guy curtis desperately tries to imitate
The last exploit was pretty complicated and arguably not SolusVM's fault (exploited curl POST boundary). This is a bit sad though.
Our WHMCS is down now as well. Lets keep our ears to the ground.
So who wants to bet which providers gets hit first?
Does this only effect 527 ??
It also affects previous versions as well as the beta.
EDIT: im illiterate