Thread: WHMCS Exploit 21/10/2013
-
10-21-2013, 12:50 AM #26 Web Hosting Master
- Join Date
- May 2003
- Location
- San Francisco, CA
- Posts
- 1,506
It's sad that we're having to include dates in these exploit threads just to be able to distinguish them...
0
-
10-21-2013, 12:51 AM #27 Web Hosting Master
- Join Date
- Oct 2009
- Posts
- 590
If you disable client name changes like you should have done after the AES_ENCRYPT exploit, then you should be secure. That is assuming the details in post #4 are true.
0
-
10-21-2013, 12:54 AM #28 Web Hosting Master
- Join Date
- Aug 2009
- Location
- Los Angeles
- Posts
- 3,338
At this rate WHMCS 5.3 will be a security patch rather than a major release
3
-
10-21-2013, 12:56 AM #29 Junior Guru Wannabe
- Join Date
- May 2009
- Posts
- 80
We have disabled client info changes; all changes must be made by ticket. But a client can still create a new profile, and that is still an open door for injection, am I right? Not sure about this, but if yes, then disabling info changes makes no difference.
0
-
10-21-2013, 12:57 AM #30 Web Hosting Guru
- Join Date
- Mar 2010
- Posts
- 281
I'm seriously considering other software.. this is pretty sad..
Small Budget Hosting - Starter Hosting, Advanced Hosting - Reseller Hosting
0
-
10-21-2013, 12:59 AM #31 Web Hosting Master
- Join Date
- Mar 2005
- Location
- Ten1/0/2
- Posts
- 2,529
CPanel Shared and Reseller Hosting, OpenVZ VPS Hosting. West Coast (LA) Servers and Nodes
Running Linux since 1.0.8 Kernel!
Providing Internet Services since 1995 and Hosting Since 2004
3
-
10-21-2013, 01:01 AM #32 Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 61
I'm just amazed how many people still use WHMCS. They had a HUGE exploit that got several hosting companies' clientele information leaked (including WHMCS's). They removed the resellers' discounted licensing program so they make every cent (what good did that do besides make more money to these community college dropout developers?). Their encryption to the source code has been cracked since 5.2.7 (might be why these are now being found?), and you have to pay extra to remove the "Powered by WHMCS" crap out of the software so whenever there is a new exploit, people just have to Google for the copyright phrase to find all of the vulnerable WHMCS installs available on the internet.
0
-
10-21-2013, 01:03 AM #33 Temporarily Suspended
- Join Date
- Jul 2013
- Posts
- 63
I guess I really have to move now, this is now like the 3rd patch in the same month or so.
0
-
10-21-2013, 01:04 AM #34 Web Hosting Master
- Join Date
- May 2003
- Location
- San Francisco, CA
- Posts
- 1,506
0
-
10-21-2013, 01:06 AM #35 Web Hosting Master
- Join Date
- Oct 2008
- Location
- Singapore
- Posts
- 4,685
0
-
10-21-2013, 01:07 AM #36 Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
Do we send some of these to the WHMCS HQ:
http://c2.diapers.com/images/product.../jj-019_1z.jpg
0
-
10-21-2013, 01:07 AM #37 Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 61
0
-
10-21-2013, 01:14 AM #38 Junior Guru Wannabe
- Join Date
- Apr 2011
- Location
- Melbourne
- Posts
- 93
SektionEins is a pretty well known security and auditing company. They are the creators behind Suhosin and have done a number of audits for open source projects.
0
-
10-21-2013, 01:20 AM #39 Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 61
0
-
10-21-2013, 01:41 AM #40 Corporate Member
- Join Date
- Feb 2008
- Location
- Houston, Texas, USA
- Posts
- 3,262
WHMCS has lost credibility. It's about time cPanel shares some of the responsibility of this snafu. Next time this needs to be reported as a "cPanel WHMCS exploit." We need cPanel to take over because they have "a financial stake in WHMCS."
0
-
10-21-2013, 01:55 AM #41 Web Hosting Guru
- Join Date
- Jan 2011
- Posts
- 303
Is it me, or did the new version break some pages?
EdenHost.Com - Domains | Shared | Reseller | VPS | VPS Resellers | SSL
Eden Web+ - We Develop Your Vision | Graphic Designing | Advertising and SEO | Web Designing | Web Development | Server Management | Website Management | Support Services
Call/Text Us Today! +91-7509-077999 | +1-(828)-330-EDEN
0
-
10-21-2013, 01:55 AM #42 Newbie
- Join Date
- Oct 2013
- Posts
- 27
Reported this one last night, but mods incorrectly closed as a dupe post
http://www.webhostingtalk.com/showthread.php?t=1314567
0
-
10-21-2013, 02:00 AM #43 Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 61
0
-
10-21-2013, 02:02 AM #44 Web Hosting Master
- Join Date
- Aug 2003
- Location
- Taiwan
- Posts
- 1,103
© www.hostinginside.com AS9678 √
© Taiwan Colocation and Dedicated Server
© Taiwan, Singapore, US, UK & Germany KVM Based VPS with RAID 10
0
-
10-21-2013, 02:03 AM #45 Web Hosting Guru
- Join Date
- Jan 2011
- Posts
- 303
EdenHost.Com - Domains | Shared | Reseller | VPS | VPS Resellers | SSL
Eden Web+ - We Develop Your Vision | Graphic Designing | Advertising and SEO | Web Designing | Web Development | Server Management | Website Management | Support Services
Call/Text Us Today! +91-7509-077999 | +1-(828)-330-EDEN
0
-
10-21-2013, 02:05 AM #46 Web Hosting Master
- Join Date
- Mar 2013
- Posts
- 918
I am shocked another exploit has come up this quick.
0
-
10-21-2013, 02:07 AM #47 Web Hosting Guru
- Join Date
- Jan 2011
- Posts
- 303
EdenHost.Com - Domains | Shared | Reseller | VPS | VPS Resellers | SSL
Eden Web+ - We Develop Your Vision | Graphic Designing | Advertising and SEO | Web Designing | Web Development | Server Management | Website Management | Support Services
Call/Text Us Today! +91-7509-077999 | +1-(828)-330-EDEN
1
-
10-21-2013, 02:08 AM #48 Web Hosting Master
- Join Date
- Aug 2003
- Location
- Taiwan
- Posts
- 1,103
It has been mentioned on previous version 5.2.9
http://www.webhostingtalk.com/showpo...&postcount=226
© www.hostinginside.com AS9678 √
© Taiwan Colocation and Dedicated Server
© Taiwan, Singapore, US, UK & Germany KVM Based VPS with RAID 10
0
-
10-21-2013, 02:08 AM #49 Disabled
- Join Date
- Oct 2013
- Location
- Australia
- Posts
- 206
Time to move ahead! Enough of WHMCS crap
0
-
10-21-2013, 02:12 AM #50 Web Hosting Master
- Join Date
- Mar 2013
- Posts
- 918
0