Jump to content
Sign in to follow this  
Morty

Was my installation compromised?

Recommended Posts

Probably because noone bothered to put the version number or date in the title.

 

- - - Updated - - -

 

'new' doesnt really mean anything with WHMCS exploits

Share this post


Link to post
Share on other sites

Today i discover the exploit and the "fix" in the blog, how is it possible whmcs don't send an email to all customer to report the problem. Because you don't have the fix ? I prefer disable all whmcs install instead of having all of my business ruined...

This month we had 5 security patch ! Hey guys, what are you doing seriously !

Sure cPanel will appreciate this quality of work...

Share this post


Link to post
Share on other sites

I have done this as explained here...

 

As you may be aware, a security issue has been published within the last hour which allows for information disclosure.

 

We are aware of the issue and are investigating it, and will be issuing a fix for this issue along with any others we discover during our targeted investigation shortly. In the meantime disabling the Mass Payment feature voids the immediate threat.

 

You can do this by de-selecting the "Enable Mass Payment" checkbox in Setup > General Settings > Invoices and saving.

 

Please watch our blog, facebook and twitter feeds to receive the latest updates.

Share this post


Link to post
Share on other sites
are you even a user of the software... I seem to see allot of first time people commenting and I normally see that as trolling from other companies

 

I wondered about that, too.

 

Yeah, 3 in a row is bad, but honestly... May 2012 when they got hacked was way worse, PR wise. That was a cluster-and-a-half.

Share this post


Link to post
Share on other sites
When it makes it possible to log in as an admin, and use that access to do so. That's one way.

OK so if you set write permissions on /downloads there's a file browse/upload form is there? I don't allow write access there (or unauthorized folks to roam around with admin privileges) so I've never seen that. Would make sense if that's how it works though, upload a PHP shell script through that and it's game over.

 

This post seems to suggest anther vector though http://forum.whmcs.com/showthread.php?80410-Was-my-installation-compromised&p=343690#post343690 which is rather alarming I have to say.

 

Just trying to get a handle on how to mitigate all this, the lack of disclosure and transparency from WHMCS is quite shocking. Better information to be had on WHT...

Share this post


Link to post
Share on other sites

Oh man, I am getting really upset about this software policy!

 

I can’t agree BryanB more on that. We are doing serious business with WHMCS. It’s not game! A official roadmap or statement for future security measurements is essential. Hot fixes should be more exception than rule! WHMCS should spend more time on quality instead of providing us with new features. I don’t have time to check Facebook, Twitter and Blog section all the time.

 

With the latest patch releases we don’t have enough time for testing new releases. I hope the new patch doesn't break our system. Thinking about alternatives too.

Edited by tomb
spelling

Share this post


Link to post
Share on other sites
yeah, saw the blog post but didnt see any forums posts about todays?

 

All related threads have been merged into this one.

Share this post


Link to post
Share on other sites

I see that v5.2.11 incremental has now been published, however it unfortunately does not update the reported version for the installation and still shows 5.2.10 after the upgrade

Share this post


Link to post
Share on other sites
All related threads have been merged into this one.

 

There were some from today's exploit and some from the exploit a few days ago...but at least now I know what happened (to the post I was reading, AS I was reading it! LOL!). Adding [MERGED] to the subject (like the support tickets do) woulda been nice.

Share this post


Link to post
Share on other sites
I see that v5.2.11 incremental has now been published, however it unfortunately does not update the reported version for the installation and still shows 5.2.10 after the upgrade

 

confirmed. whmcs_v5211_incremental doesn't update the reported version. It's still showing 5.2.10

Share this post


Link to post
Share on other sites

Hi

 

Does any one else have the issue where its still saying the old version number after updating to 5.2.11 ?

 

I uploaded the zip file and overwritten them. I have done by extracting the zip file after rezipping with correct admin folder name and then I did this manually to make sure I did it right.

 

Thanks

 

Martyn

Share this post


Link to post
Share on other sites

Yes, confirmed!

 

- Removed Link -

Edited by Infopro
URLs Removed - Threads Merged

Share this post


Link to post
Share on other sites

Hi

 

Thanks for that. Its the quickest Ive updated whmcs due to whats been happening and then I thought id discovered it but obviously not lol

Share this post


Link to post
Share on other sites

5.2.12 patch applied.

 

Now I get: Your Version 5.2.12

Latest Version 5.2.11

You should upgrade to the latest version.......

 

UPDATE: Must have just needed refreshing......showing correct now

Edited by Si

Share this post


Link to post
Share on other sites

Thanks WHMCS!! They've just updated the Security Advisory Blogpost.

 

Don't be confuse. Now we are on 5.2.12

 

 

 

http://blog.whmcs.com/?t=80615

 

UPDATE: We've identified a missing file in 5.2.11 which causes the version number not to increment. All security related enhancements are present. We will be updating this post again with version 5.2.12 which will contain the complete change set. Thank you for you patience.

Share this post


Link to post
Share on other sites

Cross posting: - Removed Link -

Edited by Infopro
URLs Removed - Threads Merged

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated