Page 6 of 15 FirstFirst ... 3456789 ... LastLast
Results 126 to 150 of 357
  1. #126
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Quote Originally Posted by bear View Post
    That was a hack of HG, not WHMCS.
    While that original 'hack' might have been the fault of HG, the infrastructure, poor administration, poor layout and implementation is all 100% on Matt @ WHMCS.

    The fact that someone could so easily grab that information means that there were no layers to this at all. Given the size of WHMCS, that's definitely on them.

    I see we're still sitting here, with absolutely no resolution . What wonderful support and excellent devs we have over there, right?
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons
      0 Not allowed!

  2. #127
    Join Date
    Feb 2004
    Location
    Toronto
    Posts
    2,308
    If a certain function is not available via the API then you could always write your own function.



    Quote Originally Posted by gohigher View Post
    Good luck on using their API... they leave a lot to be desired I'm afraid
    VimHost >> 30 Days Backup | cPanel + LiteSpeed + JetBackup | DMCA FREE!
    20 Years in business ~ Premium Hosting in Toronto, Canada ~ 151 Front Street (Canadian owned and operated)
      0 Not allowed!

  3. #128
    Join Date
    May 2008
    Location
    EU
    Posts
    41
    They do not work tonight!
    Conveniently left!
    IWS Networks - Your Web Solutions!
    HostPlay.Com - Offshore Fully Managed VPS and Dedicated Servers In Europe
    Reliable, 24/7 Premium Support, Fast & Stable Network, Multiple Locations
    Shared Hosting * Reseller Hosting * Semi-Dedicated Hosting * Fully Managed VPS and Dedicated Servers
      0 Not allowed!

  4. #129
    Join Date
    Aug 2008
    Location
    England, UK
    Posts
    974
    Quote Originally Posted by cd/home View Post
    Maybe because there too hard for that?
    They may well be if they're not using the crap they sell everybody else

    Seriously though, the blog says there is an exploit and they're working on a fix. That's it! Nothing about the severity / risk and what actions to take in the interim.

    Luckily, many WHT members know the site that usually releases WHMCS exploits and warns us. The only advice I got was from here, which again is to disable, I understand that advice seeing the exloit but not all WHMCS users come here and many of them will be in for a long weekend if compromised.
    LampNetworks - Affordable Web Hosting
    Hosting locations in United Kingdom & United States
    cPanel+Softaculous | 99.9% Uptime SLA | Daily & Monthly Backups
    Custom Hosting Plans Available - Select and Pay only for the Quotas YOU need
      0 Not allowed!

  5. #130
    I honestly can't wait until ClientExec 5.0 comes out, we're highly considering switching over to them as soon as possible, cancelling all of our licenses with them, and ending our WHMCS reseller partnership.

    All of these exploits are getting really ridiculous. How hard is it for WHMCS to contact Rack 911 and have their code audited?
      1 Not allowed!

  6. #131
    Join Date
    Aug 2003
    Location
    Dallas, TX USA
    Posts
    2,812
    Quote Originally Posted by cd/home View Post
    Maybe because there too hard for that?
    You may be on to something.

      0 Not allowed!

  7. #132
    Join Date
    May 2009
    Location
    United Kingdom
    Posts
    1,695
    Looks like it's going to be a long night. 3:18 AM and counting.

    Hopefully we see a patch soon.
    Zomex ~ Templates & services for web hosting resellers since 2009!
    #1 Web Hosting Templates for WHMCS Templates | WordPress | HTML | Blesta | Clientexec
    █ Professional WHMCS Services | Installation | Configuration | Integration | Upgrades
      0 Not allowed!

  8. #133
    Join Date
    Aug 2011
    Location
    Denmark
    Posts
    108
    Quote Originally Posted by zomex View Post
    Looks like it's going to be a long night. 3:18 AM and counting.

    Hopefully we see a patch soon.
    04:26 here, not going to bed before a patch is out.
    "Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein
      0 Not allowed!

  9. #134
    Join Date
    May 2009
    Location
    United Kingdom
    Posts
    1,695
    Quote Originally Posted by MrEliasen View Post
    04:26 here, not going to bed before a patch is out.
    Yeah me too

    There's nothing we can do but kill time.
    Zomex ~ Templates & services for web hosting resellers since 2009!
    #1 Web Hosting Templates for WHMCS Templates | WordPress | HTML | Blesta | Clientexec
    █ Professional WHMCS Services | Installation | Configuration | Integration | Upgrades
      0 Not allowed!

  10. #135
    What is taking them so long, I wonder.
    No updates on blog, no patch...
      0 Not allowed!

  11. #136
    Join Date
    May 2009
    Location
    United Kingdom
    Posts
    1,695
    Quote Originally Posted by Vex76 View Post
    What is taking them so long, I wonder.
    No updates on blog, no patch...
    Yeah I find it strange that they originally pulled their files offline and then re-uploaded them. I hope that means they have a patch and have updated their own install and our preparing it for public launch. But that may be wishful thinking
    Zomex ~ Templates & services for web hosting resellers since 2009!
    #1 Web Hosting Templates for WHMCS Templates | WordPress | HTML | Blesta | Clientexec
    █ Professional WHMCS Services | Installation | Configuration | Integration | Upgrades
      0 Not allowed!

  12. #137
    Join Date
    Sep 2010
    Location
    /usr/bin/fail
    Posts
    859
    Quote Originally Posted by MrEliasen View Post
    04:26 here, not going to bed before a patch is out.

    You could be up for a few days... Good thing you didn't choose to hold your breath till it was patched... That would end badly..
      0 Not allowed!

  13. #138
    Quote Originally Posted by zomex View Post
    Yeah I find it strange that they originally pulled their files offline and then re-uploaded them. I hope that means they have a patch and have updated their own install and our preparing it for public launch. But that may be wishful thinking
    Wishful thinking, indeed. That may not necessarily mean that they have a patch, unless the MD5 sums for the files have changed.

    Also, allo, Zomex.
    ★ Nicholas @ EidolonHost
    ★ Blesta and InterWorx Reseller. See WebHost Licenses for details.
    ★ We have Let's Encrypt Support
      0 Not allowed!

  14. #139
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by GVH-Jon View Post
    I honestly can't wait until ClientExec 5.0 comes out, we're highly considering switching over to them as soon as possible, cancelling all of our licenses with them, and ending our WHMCS reseller partnership.
    We'll be migrating to ClientExec in the next 72 hours. The time with WHMCS has come to an end now.
      3 Not allowed!

  15. #140
    Join Date
    Aug 2011
    Location
    Denmark
    Posts
    108
    Quote Originally Posted by CN-Jeremy View Post
    You could be up for a few days... Good thing you didn't choose to hold your breath till it was patched... That would end badly..
    haha very true that .
    I do hope it won't be long though , been a very long day already.
    "Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein
      0 Not allowed!

  16. #141
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Quote Originally Posted by cd/home View Post
    We'll be migrating to ClientExec in the next 72 hours. The time with WHMCS has come to an end now.
    CE is no better.
    At least with WHMCS, things work, and you can rely on professional developers to get things done, for the most part.

    With CE, you have to do most billing work manually, you have to 'hope' your registrar is working right , you have to deal with dozens of devs that just don't get their jobs at all.

    Been there, done that, pass, TYVM
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons
      0 Not allowed!

  17. #142
    Join Date
    Nov 2000
    Location
    localhost
    Posts
    3,771
    Have all WHMCS customers received a direct email from WHMCS instructing them to disable their installations and thus there should no active installations this morning?
      0 Not allowed!

  18. #143
    Join Date
    May 2009
    Location
    Markham, Canada
    Posts
    458
    Quote Originally Posted by MattF View Post
    Have all WHMCS customers received a direct email from WHMCS instructing them to disable their installations and thus there should no active installations this morning?
    Of course not, why would they do that? [sarcasm]

    Last time they sent out an email once the patch was ready, I would assume it will be the same this time around.
      0 Not allowed!

  19. #144
    Join Date
    Aug 2009
    Location
    Los Angeles
    Posts
    3,338
    Quote Originally Posted by MattF View Post
    Have all WHMCS customers received a direct email from WHMCS instructing them to disable their installations and thus there should no active installations this morning?
    No emails over here (yet). Though IIRC it takes hours on end for their mass mails to fully send out, that is if they are sending one out currently.
      0 Not allowed!

  20. #145
    Join Date
    Nov 2011
    Location
    Harrisburg, PA
    Posts
    2,074
    Quote Originally Posted by MattF View Post
    Have all WHMCS customers received a direct email from WHMCS instructing them to disable their installations and thus there should no active installations this morning?
    Nope, nothing at all. Not a peep. FRH Dave submitted a ticket and got the generic copy / paste response that was quoted earlier, but that's only because we submitted a ticket.

    With a hack of this magnitude, WHMCS absolutely has a duty to reach out to ALL of the resellers and customers and advise them to disable the software until a patch is released. For obvious reasons I won't discuss the implementation or consequences, but THIS IS A VERY SERIOUS BREACH. The only thing to do in the meantime is implement the rules posted earlier by Patrick and/or remove (or rename) your WHMCS folder.

    No matter what version you're running, if you haven't done at least one of these things, you are vulnerable. There is no safe version.
    Fresh Roasted Hosting :: High-performance Harrisburg web hosting since 2012!
    "The only thing better than the world's best customer service is never needing them in the first place."
    Shared :: VPS :: Reseller :: Dedicated :: Co-Location :: SSL Certificates
      0 Not allowed!

  21. #146
    Join Date
    Nov 2003
    Location
    USA
    Posts
    877
    No I got a email from my ticket that they looking in to it but still nothing let see how long they take to fixed this
    WHMCS Services / City Tecks
    WHMCS Development | Blesta / WISECP Developer
      0 Not allowed!

  22. #147
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Quote Originally Posted by MattF View Post
    Have all WHMCS customers received a direct email from WHMCS instructing them to disable their installations and thus there should no active installations this morning?
    I haven't, and I'm sure they wouldn't want to do this before they get clients up in arms!

    This is just embarrassing to say the least, and, once again shows utter disregard and contempt for their customers.

    We're going on midnight and later here for many customers. What happens at midnight? Many run daily crons, you know, to process invoices, charge cards, etc...

    Matt, cPanel, get your **** together. Get off your asses, start showing respect to your clients, quit spitting in our faces!!! The amount of time it's taken you to resolve, yet another critical issue here is pathetic!
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons
      0 Not allowed!

  23. #148
    Join Date
    Nov 2007
    Posts
    35
    http://www.whmcs.com/members/downloa...laycat&catid=1

    they seem to have just uploaded 5.2.9
      0 Not allowed!

  24. #149
    Join Date
    Nov 2011
    Location
    Harrisburg, PA
    Posts
    2,074
    Several of our vendors have disabled their WHMCS installations as well. Given WHMCS' market share, I'm curious to know what percentage of web hosts are currently unable to accept orders.

    Looks like a fix was released:

    http://blog.whmcs.com/?t=80223

    This resolves the security issue that was publicly disclosed by "localhost" on October 18th, 2013.
    This also includes some additional changes to protect against potential SQL injection vectors and additional security measures for admin account management.
    Fresh Roasted Hosting :: High-performance Harrisburg web hosting since 2012!
    "The only thing better than the world's best customer service is never needing them in the first place."
    Shared :: VPS :: Reseller :: Dedicated :: Co-Location :: SSL Certificates
      0 Not allowed!

  25. #150
    Join Date
    Nov 2000
    Location
    localhost
    Posts
    3,771
    Quote Originally Posted by twhiting9275 View Post
    I haven't, and I'm sure they wouldn't want to do this before they get clients up in arms!

    This is just embarrassing to say the least, and, once again shows utter disregard and contempt for their customers.

    We're going on midnight and later here for many customers. What happens at midnight? Many run daily crons, you know, to process invoices, charge cards, etc...

    Matt, cPanel, get your **** together. Get off your asses, start showing respect to your clients, quit spitting in our faces!!! The amount of time it's taken you to resolve, yet another critical issue here is pathetic!
    That is surprising, embarrassment or not, i thought an email would be sent several hours ago. Time to verify: for a numpty - 10minutes.
    MattF - Since the start..
      0 Not allowed!

Page 6 of 15 FirstFirst ... 3456789 ... LastLast

Similar Threads

  1. [FEATURED] New WHMCS Exploit
    By Aldryic C'boas in forum Hosting Software and Control Panels
    Replies: 399
    Last Post: 10-18-2013, 03:57 PM
  2. WHMCS Exploit?
    By Dustin B Cisneros in forum Hosting Software and Control Panels
    Replies: 4
    Last Post: 07-11-2013, 11:02 AM
  3. New WHMCS Exploit?
    By Hoosier Mike in forum Hosting Software and Control Panels
    Replies: 41
    Last Post: 03-26-2013, 08:21 PM
  4. WHMCS Exploit?
    By squalled00 in forum Hosting Software and Control Panels
    Replies: 3
    Last Post: 01-19-2012, 03:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •