  1. #1
    Join Date
    Sep 2011
    Location
    USA
    Posts
    61

    Another WHMCS exploit

    Looks like another WHMCS exploit just came out, take down your WHMCS installs now! This exploit is for the latest 5.2.8 code. Source is same as last time

  2. #2
    Join Date
    Jul 2013
    Posts
    52
    Do you have some more information?

  3. #3
    Join Date
    Mar 2011
    Location
    Scotland
    Posts
    94
    Yep - same source, it's out there if you know what to search for. Not recommended anyone posts the link as it will play into the hands of those who want to cause havoc.

    We have locked down our billing install for now.

  4. #4
    Join Date
    Mar 2011
    Location
    Scotland
    Posts
    94
    hopefully find out shortly what's going to happen!
    "Hello,

    Thank you for the notification. We are currently aware of this and verifying if it is legitimate now. If it is a confirmed vulnerability then a patch will be released immediately.

    If you have any other questions, please let us know and we will be happy to help!

    Regards,

    Don R.
    WHMCS Support Staff Member"

  5. #5
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by Serverbros View Post
    hopefully find out shortly what's going to happen!
    I got the same reply

  6. #6
    Join Date
    Mar 2011
    Location
    Scotland
    Posts
    94
    Quote Originally Posted by cd/home View Post
    I got the same reply
    Haha I figured with the basic "hello" instead of "Hello Jordan" like they usually do, probably swamped under

  7. #7
    This WHMCS guy has to be put in jail

  8. #8
    Join Date
    Oct 2010
    Posts
    5,079
    If the decrypted source code is genuine, this is an unbelievably massive hole.

    Why will they not get an external audit run on their code? The explanation they published about the last exploit did not say anything about what they do to prevent similar exploits in future.
    Not as active on WHT as I used to be, but still drop in and receive email notifications from here.
    My personal blog site: https://www.oakleys.org.uk/blog

  9. #9
    I like WHMCS, I really do, but they are stumbling a lot lately. I'd like Rack911 to do a full audit on their software.
    Bobby - PreciselyManaged.com - Precision Hosting Solutions
    █ Enterprise Shared, Reseller, VPS, Hybrid, and Dedicated Hosting
    █ SpamExperts | CloudLinux | cPanel | Bacula + R1soft | and more!
    █ Full proactively managed, and we specialize in hosting small web hosts

  10. #10
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,732
    This is the worst thing I have ever heard, if it's been removed by PHP there has to be a reason behind it. Don't re-create it.

  11. #11
    This is getting crazy. Are they even serious about their product?
    I mean, we can't just disable our billing systems all the time because of a software with exploits?
    There has to be an alternative! WHMCS - is going down the hill
    ElitePixels.net - Web Design / Re-Design Services
    Experts in Web-Hosting Designs
    http://www.twitter.com/elitepixelsnet

  12. #12
    This has become recurrent with WHMCS, every week there is a security flaw.
    Why don't the guys just revise the system at once or simply hire an external audit?

    And none of them gives any public position.
    Expect some installation to be harmed before they take any action.
    Cheap VPS in Brazil - Equinix SP1 Data Center
    Coming soon.

  13. #13
    Join Date
    Oct 2002
    Location
    /roof/ledge
    Posts
    28,088
    Interesting this new one was released while WHMCS/CPanel folks are attending a summit (according to the Twitter feed). Wasn't the first one released during another get together?
    Your one stop shop for decentralization

  14. #14
    Join Date
    Feb 2004
    Location
    Toronto
    Posts
    2,308
    I'm going to guess unless WHMCS is rebuilt from the ground up all they can really do is patch on top of patch.



    Quote Originally Posted by marcosv View Post
    This has become recurrent with WHMCS, every week there is a security flaw.
    Why don't the guys just revise the system at once or simply hire an external audit?

    And none of them gives any public position.
    Expect some installation to be harmed before they take any action.
    VimHost >> 30 Days Backup | cPanel + LiteSpeed + JetBackup | DMCA FREE!
    20 Years in business ~ Premium Hosting in Toronto, Canada ~ 151 Front Street (Canadian owned and operated)

  15. #15
    So that means those guys who know the security hole right now can access all people's sites?

  16. #16
    Quote Originally Posted by bear View Post
    Interesting this new one was released while WHMCS/CPanel folks are attending a summit (according to the Twitter feed). Wasn't the first one released during another get together?
    If those discovering the exploits were looking to have the largest measure of success on the WHMCS installations out there, then it would make sense to time the release of an exploit when a fix might take the longest to develop.

    The more folks at the conference the less folks there are back at an office working on a patch...

  17. #17
    Join Date
    Oct 2010
    Posts
    5,079
    It's time to ban attending conferences. Spend the air fares on code audit instead.

  18. #18
    Join Date
    Apr 2002
    Posts
    1,789
    I haven't seen it mentioned, but I'm assuming this exploit also affects WHMCS v5.1.10, is that correct?

    The last exploit affected both 5.1 and 5.2 and I'm given to understand that this exploit follows a similar path as that exploit, so I'm assuming that it affects the 5.1 release tree as well. But thus far I've only seen it mentioned that this affects the 5.2 release tree.

  19. #19
    Join Date
    Jul 2010
    Location
    ~/
    Posts
    1,382
    Annoying.

    It is obvious that they don't care and are happy to patch on fail only rather than take a proactive audit.

    I STRONGLY urge everyone to open a ticket with WHMCS that uses it stating something like.

    "I am very disappointed to learn that a completely avoidable hole was found in your commercial software, once again you have put my business and the business of many others at risk without good reason.

    Please accept this as a formal complaint, I request 3 months worth of credit as compensation and insist that a proactive audit is carried out at your expense by a qualified third party."

    Insist it gets escalated to management.

    really they need to be hit with 1000's of such requests or they simply will not change, mine has gone in
    -> INCEPTION HOSTING LIMITED Since 2010!
    -> I am most active on the lowendspirit hosting forum Come join us!
    -> PHOENIX USA & THE NETHERLANDS & UK EU

  20. #20
    Join Date
    Nov 2007
    Location
    New Jersey, USA
    Posts
    4,740
    I've been reading on various forums about this, why would someone post a link to the actual exploit? Not a lot of people know the website that this is posted on, posting it on forums will just make it worse!

    - Daniel

  21. #21
    Join Date
    Oct 2002
    Location
    /roof/ledge
    Posts
    28,088
    The fact they're being released publicly at all makes me wonder if this is more punitive or intentionally harmful rather than "ordinary" hacking efforts. I'd suggest most hackers that are in this for gain would keep it quiet and use it to grab data, servers and so on. To release publicly, and in a mocking, public "name and shame" manner feels like it's more to be destructive to the brand than to brag to others in that community or for financial gain and so on.

    Just me, maybe.
    Your one stop shop for decentralization

  22. #22
    Join Date
    Jan 2012
    Location
    Glasgow, Scotland
    Posts
    607
    Guess it's time to consider moving to another billing solution, it's been 15 days since last time.
    HostUS - Premium Hosting Made Affordable
    TEN Worldwide locations spanning USA, Europe & Asia Pacific
    Own ASN, Own Network, Own IPs - AS7489 & AS25926

  23. #23
    Join Date
    Nov 2007
    Location
    New Jersey, USA
    Posts
    4,740
    Does HostBill own the website that is releasing these exploits, hahaha.

    We have shut down our WHMCS until this is fixed.

    - Daniel

  24. #24
    Join Date
    Dec 2010
    Location
    127.0.0.1
    Posts
    5,732
    Quote Originally Posted by bear View Post
    Interesting this new one was released while WHMCS/CPanel folks are attending a summit (according to the Twitter feed). Wasn't the first one released during another get together?
    cPanel conference last time, this time is the one for ResellerClub in India. This one is worse.

  25. #25
    poor people who are victims
