Thread: Another WHMCS exploit
-
10-18-2013, 09:43 PM #126
While that original 'hack' might have been the fault of HG, the infrastructure, poor administration, poor layout and implementation is all 100% on Matt @ WHMCS.
The fact that someone could so easily grab that information means that there were no layers to this at all. Given the size of WHMCS, that's definitely on them.
I see we're still sitting here, with absolutely no resolution. What wonderful support and excellent devs we have over there, right?
Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
10-18-2013, 09:44 PM #127 Web Hosting Master
- Join Date: Feb 2004
- Location: Toronto
- Posts: 2,308
VimHost >> 30 Days Backup | cPanel + LiteSpeed + JetBackup | DMCA FREE!
20 Years in business ~ Premium Hosting in Toronto, Canada ~ 151 Front Street (Canadian owned and operated)
-
10-18-2013, 09:56 PM #128 Junior Guru Wannabe
- Join Date: May 2008
- Location: EU
- Posts: 41
They do not work tonight!
Conveniently left!
IWS Networks - Your Web Solutions!
HostPlay.Com - Offshore Fully Managed VPS and Dedicated Servers In Europe
Reliable, 24/7 Premium Support, Fast & Stable Network, Multiple Locations
Shared Hosting * Reseller Hosting * Semi-Dedicated Hosting * Fully Managed VPS and Dedicated Servers
-
10-18-2013, 09:58 PM #129 Top-Notch Hosting
- Join Date: Aug 2008
- Location: England, UK
- Posts: 974
They may well be if they're not using the crap they sell everybody else
Seriously though, the blog says there is an exploit and they're working on a fix. That's it! Nothing about the severity / risk and what actions to take in the interim.
Luckily, many WHT members know the site that usually releases WHMCS exploits and warns us. The only advice I got was from here, which again is to disable, I understand that advice seeing the exploit but not all WHMCS users come here and many of them will be in for a long weekend if compromised.
█ LampNetworks - Affordable Web Hosting
█ Hosting locations in United Kingdom & United States
█ cPanel+Softaculous | 99.9% Uptime SLA | Daily & Monthly Backups
█ Custom Hosting Plans Available - Select and Pay only for the Quotas YOU need
-
10-18-2013, 09:58 PM #130 Disabled
- Join Date: May 2012
- Posts: 2,234
I honestly can't wait until ClientExec 5.0 comes out, we're highly considering switching over to them as soon as possible, cancelling all of our licenses with them, and ending our WHMCS reseller partnership.
All of these exploits are getting really ridiculous. How hard is it for WHMCS to contact Rack 911 and have their code audited?
-
10-18-2013, 10:16 PM #131 Web Hosting Master
- Join Date: Aug 2003
- Location: Dallas, TX USA
- Posts: 2,812
-
10-18-2013, 10:20 PM #132 Web Template Master
- Join Date: May 2009
- Location: United Kingdom
- Posts: 1,695
Looks like it's going to be a long night. 3:18 AM and counting.
Hopefully we see a patch soon.
█ Zomex ~ Templates & services for web hosting resellers since 2009!
█ #1 Web Hosting Templates for WHMCS Templates | WordPress | HTML | Blesta | Clientexec
█ Professional WHMCS Services | Installation | Configuration | Integration | Upgrades
-
10-18-2013, 10:27 PM #133 WHT Addict
- Join Date: Aug 2011
- Location: Denmark
- Posts: 108
-
10-18-2013, 10:30 PM #134 Web Template Master
- Join Date: May 2009
- Location: United Kingdom
- Posts: 1,695
█ Zomex ~ Templates & services for web hosting resellers since 2009!
█ #1 Web Hosting Templates for WHMCS Templates | WordPress | HTML | Blesta | Clientexec
█ Professional WHMCS Services | Installation | Configuration | Integration | Upgrades
-
10-18-2013, 10:30 PM #135 Disabled
- Join Date: Mar 2007
- Posts: 365
What is taking them so long, I wonder.
No updates on blog, no patch...
-
10-18-2013, 10:34 PM #136 Web Template Master
- Join Date: May 2009
- Location: United Kingdom
- Posts: 1,695
█ Zomex ~ Templates & services for web hosting resellers since 2009!
█ #1 Web Hosting Templates for WHMCS Templates | WordPress | HTML | Blesta | Clientexec
█ Professional WHMCS Services | Installation | Configuration | Integration | Upgrades
-
10-18-2013, 10:36 PM #137 Web Hosting Master
- Join Date: Sep 2010
- Location: /usr/bin/fail
- Posts: 859
-
10-18-2013, 10:37 PM #138 Aspiring Evangelist
- Join Date: Jul 2009
- Posts: 403
★ Nicholas @ EidolonHost
★ Blesta and InterWorx Reseller. See WebHost Licenses for details.
★ We have Let's Encrypt Support
-
10-18-2013, 10:42 PM #139 Hello World
- Join Date: Nov 2009
- Location: /etc/my.cnf
- Posts: 10,657
-
10-18-2013, 10:43 PM #140 WHT Addict
- Join Date: Aug 2011
- Location: Denmark
- Posts: 108
-
10-18-2013, 10:51 PM #141
CE is no better.
At least with WHMCS, things work, and you can rely on professional developers to get things done, for the most part.
With CE, you have to do most billing work manually, you have to 'hope' your registrar is working right, you have to deal with dozens of devs that just don't get their jobs at all.
Been there, done that, pass, TYVM
Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
10-18-2013, 11:11 PM #142 Web Hosting Master
- Join Date: Nov 2000
- Location: localhost
- Posts: 3,771
Have all WHMCS customers received a direct email from WHMCS instructing them to disable their installations and thus there should be no active installations this morning?
-
10-18-2013, 11:15 PM #143 Web Hosting Evangelist
- Join Date: May 2009
- Location: Markham, Canada
- Posts: 458
-
10-18-2013, 11:16 PM #144 Web Hosting Master
- Join Date: Aug 2009
- Location: Los Angeles
- Posts: 3,338
-
10-18-2013, 11:16 PM #145 Web Hosting Master
- Join Date: Nov 2011
- Location: Harrisburg, PA
- Posts: 2,074
Nope, nothing at all. Not a peep. FRH Dave submitted a ticket and got the generic copy / paste response that was quoted earlier, but that's only because we submitted a ticket.
With a hack of this magnitude, WHMCS absolutely has a duty to reach out to ALL of the resellers and customers and advise them to disable the software until a patch is released. For obvious reasons I won't discuss the implementation or consequences, but THIS IS A VERY SERIOUS BREACH. The only thing to do in the meantime is implement the rules posted earlier by Patrick and/or remove (or rename) your WHMCS folder.
No matter what version you're running, if you haven't done at least one of these things, you are vulnerable. There is no safe version.
▐█▌Fresh Roasted Hosting :: High-performance Harrisburg web hosting since 2012!
▐█▌"The only thing better than the world's best customer service is never needing them in the first place."
▐█▌Shared :: VPS :: Reseller :: Dedicated :: Co-Location :: SSL Certificates
-
10-18-2013, 11:16 PM #146 WS Developer
- Join Date: Nov 2003
- Location: USA
- Posts: 877
No, I got an email from my ticket that they're looking into it, but still nothing. Let's see how long they take to fix this.
-
10-18-2013, 11:18 PM #147
I haven't, and I'm sure they wouldn't want to do this before they get clients up in arms!
This is just embarrassing to say the least, and, once again shows utter disregard and contempt for their customers.
We're going on midnight and later here for many customers. What happens at midnight? Many run daily crons, you know, to process invoices, charge cards, etc...
Matt, cPanel, get your **** together. Get off your asses, start showing respect to your clients, quit spitting in our faces!!! The amount of time it's taken you to resolve, yet another critical issue here is pathetic!
Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
10-18-2013, 11:19 PM #148 Junior Guru Wannabe
- Join Date: Nov 2007
- Posts: 35
http://www.whmcs.com/members/downloa...laycat&catid=1
they seem to have just uploaded 5.2.9
-
10-18-2013, 11:19 PM #149 Web Hosting Master
- Join Date: Nov 2011
- Location: Harrisburg, PA
- Posts: 2,074
Several of our vendors have disabled their WHMCS installations as well. Given WHMCS' market share, I'm curious to know what percentage of web hosts are currently unable to accept orders.
Looks like a fix was released:
http://blog.whmcs.com/?t=80223
This resolves the security issue that was publicly disclosed by "localhost" on October 18th, 2013.
This also includes some additional changes to protect against potential SQL injection vectors and additional security measures for admin account management.
▐█▌Fresh Roasted Hosting :: High-performance Harrisburg web hosting since 2012!
▐█▌"The only thing better than the world's best customer service is never needing them in the first place."
▐█▌Shared :: VPS :: Reseller :: Dedicated :: Co-Location :: SSL Certificates
-
10-18-2013, 11:20 PM #150 Web Hosting Master
- Join Date: Nov 2000
- Location: localhost
- Posts: 3,771