Latest security patch - is it genuine?

[netmotiv8]

Hi,

 

Considering recent events, is the security patch released today, genuine?

 

If there has been some social engineering going on then who is to say that the email and forum post from Matt is genuine.

 

The email I received about the update was sent from whmcscom@whmcs.whmcs.com which seems an odd and scammy email address.

[niemie]

I had the same question but if you look it is also posted on the blog...

[laszlof]

It is indeed genuine. The From address was actually noreply@whmcs.com. However, the Return-Path would show whmcscom@whmcs.whmcs.com, which is consistent with other emails I've received from WHMCS in the past.

[WHMCS Liam]

Hello

 

I can confirm this is indeed a genuine email, You can read more information about this patch here: http://forum.whmcs.com/showthread.php?47828-Security-Patch&p=224696

 

Cheers

Liam

[jclarke]

WHT has verified it:

http://www.webhostingtalk.com/showthread.php?t=1159268

 

SolusVM has also verified the patch:

http://www.webhostingtalk.com/showpost.php?p=8153755&postcount=30

I also emailed SolusVM support who confirmed the patch is legitimate.

[JimBoom]

Thanks Liam,

It would have helped to know that the file was replacing one that I already had in there... I was expecting it to be a new file, but there was already one called dbconnect.php. The email didn't mention that, giving me some pause, but it seems to be ok.

thanks,

Jim

[netmotiv8]

Thanks Frank,

 

I have never received an email from whmcscom@whmcs.whmcs.com in the past and I have been using WHMCS for 5 year+

 

It was of particular notice to me as I have a rule set in my email client to move emails from WHMCS to my WHMCS folder however this one did not and since recent events its odd that with all the speculation about spam emails people are now getting I should receive this and it not get redirected by my mail rule.

 

Thanks for clarifying anyhow

[netmotiv8]

I think what also didn't help was that the connection to whmcs.com and the go.whmcs.com sites failed (and it wasn't my internet connection) when I originally tried to visit the url specified for the patch. So I was thinking something odd may have been going!

 

Guess, it's just a twitchy time at the moment!

[laszlof]

Thanks Frank,

 

I have never received an email from whmcscom@whmcs.whmcs.com in the past and I have been using WHMCS for 5 year+

 

The From address was noreply@whmcs.com. Its the ReturnPath that was set to whmcscom@whmcs.whmcs.com. This is consistent with all WHMCS related emails for a long time (or at least, very simular with regards to the account name).

 

My guess is your email client stripped the real from address for some reason.

[basic]

Alarm here ... we replaced the file and now we get this:

 

----------------------------

License Invalid

 

Your license key Owned-558XXXXXXXX6abw9 [changed] is invalid. Possible reasons for this include:

 

The license key has been entered incorrectly

The domain being used to access your install has changed

The IP address your install is located on has changed

The directory you are using has changed

 

If required, you can reissue your license from our client area on demand @ http://www.whmcs.com/members/clientarea.php to update the allowed install location.

 

Got a new license key? Click here to enter it

----------------------------

 

We then replaced it back to the old file, and it is the same problem, same "license invalid" note!

Edited May 29, 2012 by basic

[basic]

U P D A T E :

Half an hour after posting this "License Invalid" issue (above) we got it working. Thing is, I do not know why it works now ... we had to re-enter the license key. During the first round we got an error there. Now it works ... maybe the license server at WHMCS was down, not sure....

[Bubka3]

U P D A T E :

Half an hour after posting this "License Invalid" issue (above) we got it working. Thing is, I do not know why it works now ... we had to re-enter the license key. During the first round we got an error there. Now it works ... maybe the license server at WHMCS was down, not sure....

You are probably correct.

[serverprodigy]

We ran into a problem w/ the patch, All orders stopped working with the an error message.

CLients reported this and I verified it myself with a test order.

 

I had to replace the patch file w/ a backup copy of the original to restore function.

[minadreapta]

download the patch again from the client area. this has been fixed already.

there is also a thread about this in the "Bug Reports" section.

Edited May 30, 2012 by minadreapta

[oesman]

Anyone seen this exploit that just poped up on [removed]? {link removed}

[easyhosting]

Anyone seen this exploit that just poped up on [removed]? {link removed}

 

you should not post links or texts of any exploits on these forums as been said many times.

[Petabyte]

Hello,

 

after uploading patched file I can't add new domain, it gives an error.

 

Ater replacing with old version all works fine.

What's wrong?

[openmind]

Dowload the patch again and overwrite the dbconnect.php file and it should be fine...

[oesman]

you should not post links or texts of any exploits on these forums as been said many times.

 

I don't see it in the rules:

 

http://forum.whmcs.com/faq.php

 

If it's something that's been said in other posts, I'd have no idea. I don't frequent this forum. If it's a rule there should be a sticky in this section, or it should be in the FAQ. I'm not a mind reader.

[openmind]

It's not in the rules, it's more common sense. Best thing to do is raise the issue on a support ticket.

[oesman]

It's not in the rules, it's more common sense. Best thing to do is raise the issue on a support ticket.

 

Sounds good, I'll keep it to myself next time.

[Petabyte]

Dowload the patch again and overwrite the dbconnect.php file and it should be fine...

 

You're right, it works, thanks.

[easyhosting]

Sounds good, I'll keep it to myself next time.

 

 

common sense.

 

This forum is not just visited by WHMCS members, so those whop breached WHMCS klast week along with other could be and are most likely monitoting this forum, so you post a link or the text to an exploit, you may have now just given them an exploit to now attack WHMCS Installs.

[oesman]

so those whop breached WHMCS klast week along with other could be and are most likely monitoting this forum, so you post a link or the text to an exploit, you may have now just given them an exploit to now attack WHMCS Installs.

 

You're absolutely right, it's a good thing isn't visited by thousands of people hourly including most likely those same people. I know I certainly don't check that site and others 1-2 times a day to ensure my servers are secure.

[easyhosting]

You're absolutely right, it's a good thing isn't visited by thousands of people hourly including most likely those same people. I know I certainly don't check that site and others 1-2 times a day to ensure my servers are secure.

 

regardless if that site is viteded by thousands a day, their will hundreds of sites out their will exploits listed for most software apps, but its not good posting links to these sites or text to these exploits on the software forums.

 

you seem to be defending your right in listing an exploit on a site where the exploit can cause damage.