!!EXPLOIT!! Shut down your installations!

[No-Server]

Hello everyone,

 

once again there is a exploit around. Shut down your installations.

I don't want to spread the link, but same place as last time. Confirm if you know the link.

 

Tested with latest WHMCS version. Any MySQL queries can be run using the exploit.

[wsa]

Ib WHT i hear that whmcs.com know about it

[Si]

I came to the forums as I got an email from another whmcs developer:

 

They wrote:

A new WHMCS exploit was discovered today. Our developers have tested the exploit on a test installation and it is confirmed to be working.

 

Therefore, it is requested to immediately put your WHMCS portal to maintenance mode to avoid any potential attack. To do so navigate to 'Setup > General Settings' and check the 'Maintenance Mode' option and save the changes.

 

Cordially Yours,

Mobilyzz Team

[wsa]

why this peoples dont email everybody and let them know what going on

[BarrySDCA]

everyone should have their whmcs behind an application firewall by now

[altomarketing]

everyone should have their whmcs behind an application firewall by now

 

Suggestions ?

[BarrySDCA]

we host ours on windows, and use webknight as an ISAPI filter. works great

 

I'm sure there are similar apps for Linux too

[Si]

Where are WHMCS / cPanel on this?

[BarrySDCA]

our subscriptions are primarily based around VM's and custom images, and our provisioning module and sub panel are built in-house. but to answer your question, they are in whmcs. makes it easy to manage and maintain.

 

however - the app firewall sits between the internet and any web server, so you should be able to put something like that in front of any cp really. it's just a layer that examines the traffic *before* it hits the whmcs, etc., app.

[TheHostingHeroes]

Where are WHMCS / cPanel on this?

 

http://forums.whmcs.com/showthread.php?80206-Security-Status-Update&p=342074#post342074

[Si]

http://forums.whmcs.com/showthread.php?80206-Security-Status-Update&p=342074#post342074

 

Why weren't ALL whmcs licence holders emailed about this? WHMCS? Infopro?

[TheHostingHeroes]

I assume they will do once a fix is made. if they did a we are making a fix email, tons of tickets would be opened for them all to say... watch the blog. It makes more sense for them not to send the email as it wouldn't have any help to anyone, but cause issues for support.

[Si]

I assume they will do once a fix is made. if they did a we are making a fix email, tons of tickets would be opened for them all to say... watch the blog. It makes more sense for them not to send the email as it wouldn't have any help to anyone, but cause issues for support.

 

But if we needed to put our installations into maintenance mode - that is all they needed to say.....fix will be sent out shortly. (No need for tickets....but at least our installs would have been safe).

[Alex - Arvixe]

Not good to see yet another one of these out...

 

Hopefully this is resolved quickly like the previous one.

[altomarketing]

Community .., dont confuse dummies about whmcs..., one thing is protect server with firewall and other VERY different is to protect whmcs software from evil guys...

 

For Cpanel server:

 

Free>

Use : CSF http://configserver.com/cp/csf.html and setup up in level 3 (config)

Activate Clamav.

 

Paid>

Use CXS : http://configserver.com/cp/cxs.html it just erase script, alert you about vulnerables joomlas/wordpress..

 

For Windows server: Idont know really...

 

For whmcs :

 

To improve whmcs security performance i created a post here with 20 tips : http://whmcs.argentina--software.com.ar/index.php?title=Enforced

[ADz83]

How can we check if we were affected by this exploit prior to updating?

[zoilodiaz]

How can we check if we were affected by this exploit prior to updating?

 

yeah will be good to see how. but again not communication from whmcs

[Wabun]

where can I find more information about this hack and how to check I am not effected?