Security Notice Email?

[columbusgeek]

(realized after I posted I put this in the wrong section of the forums. Sorry, please move)

 

Did the Urgent Security notice hit everybody's email before it got posted here?

 

I wanted to make sure it was a legit email before I followed it's instructions.

 

Dear WHMCS User,

 

.......................

 

There is a chance that you may have downloaded V3.5.1 at the time when the files were present and so may have inadvertently uploaded them to your server. As a precaution we are asking all customers to check for, and remove, the following files if they are found to be present in your WHMCS folders:

 

(REMOVED - Refer to email for details)

 

NOTE: If you used our professional upgrade or installation services to have WHMCS installed or upgraded by us then you will NOT have been affected.

 

.......................

 

Regards,

 

Matt

Founder / Developer

WHMCS Ltd

http://www.whmcs.com

[Gears]

(post should be moved to Client Discussion forum)

 

I say it is a legit email.

 

I was affected, but only had one of the files. I had similar named files, but not named exactly as the ones described in the email.

 

I removed the one file... hopefully no damage was done.

 

 

PS. Thank you for letting us know!

[rodeoXtreme]

I did receive the same email and checked the "upgrade" version and the full install version; but did not find any of the files mentioned in the email. Version 3.5.1

[Matt]

I can confirm the email is legitimate. It has been sent out to all license holders as a precautionary measure.

 

Matt

[columbusgeek]

Cool. Never hurts to make sure it's real. I found it kind of odd there was no mention of it here is all. I know it's embarrassing for them, but still, spoof emails happen.

 

 

thanks matt

[ffeingol]

Can a board admin please edit out the details of the file names above? While I understand the need of this post to confirm that the email is legit, I don't think it's a good idea to let the "general public" know the names of the files.

[chickendippers]

Yes, we also got this email although weren't affected. It's good to know that this has been taken care of.

[Nessy]

We were not affected either thank god

[Gears]

I find it weird that we only had one of the mentioned files.

[bluetreehost]

Wow - this is pretty incredible. I didn't have any of the files myself fortunately.

 

Matt, Please post the MD5 of all file packages so we can be assured of their integrity before installing them to our precious servers!

[mattpark]

Hi Team,

 

Thanks for the security notice.

 

For your reference the files listed were *not* found in my fresh install of V3.5.1 , downloaded from the client area on 2nd of Jan 2008.

 

Hope this helps in some way.

 

Cheers,

 

Matt

[skyknight]

Not found on mine.

[columbusgeek]

Yeah I had none as well.

 

They were sneaky files too. Very similar to real files.

[bear]

They were sneaky files too. Very similar to real files.

Yes, indeed. I had someone on my account the other day (not because of this, AFAIK) and they hid it in /lib/plugins as functions_xxx.php. (obfuscated the actual name here) So similar it might go unnoticed altogether.

[danield]

I only found 2 of those files. What can someone do if we dont remove them?

[bear]

The one I had appeared to be a c99 shell. That gives them quite a bit of access to your server. No idea what these files in the distro were, but you should definintely not leave them on the server.

[ghpk]

i found only 3 of them, removed them instantly.

Also i deleted all the files from "templare_c" as i think that folder keeps some copies of files.

[bluque]

I've had my v3.5.1 install in for a few weeks and haven't found these files. Would a DB backup and upload of the new files be a wise idea anyway?

[uberhost]

Wow - this is pretty incredible. I didn't have any of the files myself fortunately.

A big sigh of relief here after checking my WHMCS server.

 

Matt, Please post the MD5 of all file packages so we can be assured of their integrity before installing them to our precious servers!

Thumbs up to this suggestion.

[twhiting9275]

I've had my v3.5.1 install in for a few weeks and haven't found these files. Would a DB backup and upload of the new files be a wise idea anyway?

If you don't have the affected files, you're most likely dandy. Of course, you should be backing up the DB nightly anyways .

 

MD5 = Great idea

[Patty]

Not affected either, thank God.

[[JSH]John]

We were affected by this but only had one of the files mentioned. As soon as I got the email I removed it, I hope there's a way to find the guy that did this so he's unable to try and do it again.

[Chad]

What about trial license users? I downloaded only 2-3 days ago. I never got the email myself.

[twhiting9275]

What about trial license users? I downloaded only 2-3 days ago. I never got the email myself.

 

Since you only downloaded a couple of days ago, you want to check for the files, as they probably exist on your server.

[Chad]

How am I supposed to do that when I never got th email with the file info?