WHMCS 5.2.8 Vulnerability

Netxons

We patched to 5.2.9 it's seem all fine hopefully that's can really fixed the Vulnerability

sman

@Netxons said:
We patched to 5.2.9 it's seem all fine hopefully that's can really fixed the Vulnerability

Glad they got this done in time for the script kiddie shift on the other side of the world where most of these wankers seem to live.

Maounique

@sman said:
the other side of the world where most of these wankers live.

If you live in the western hemisphere, the you are right, eastern hemisphere population outnumber western hemisphere one 6:1, so, even if there are proportionally less script kiddies there due to high cost of internet and computers in most places, chances are they outnumber the ones in the western hemisphere.

mpkossen

Jono20201 said: I know if I was Matt I wouldn't be able to sleep easy at night until I did get an external audit.

Apparently Matt does sleep well knowing his software is broken.

BrianHarrison said: A mod_security filter to protect against this vulnerability has been posted:

If Matt would have just posted that instead of the "Active Development" and "LTS" stuff, it would have actually been a useful post.

Sorry if I sound a bit harsh, but really, this has happened way too many times already.

irm

@mpkossen said:

Yeah you'd think after the 20th time they would just contact an outside firm to do a code audit like SolusVM did. This is kind of ridiculous...

Maounique

@fcfc said:
Yeah you'd think after the 20th time they would just contact an outside firm to do a code audit like SolusVM did. This is kind of ridiculous...

Many people didnt trust solus being serious about the audit. However, solus has a lot of serious OS contenders out there and many people are also coding their own, therefore they had a very good incentive to better themselves fast, competition for WHMCS is not that big so they can still sit on their hands for now, I am sure nobody canceled their subscription and that is unlikely to happen anytime soon, so, good or bad, whmcs does not need to do anything for now against hostbill which cant even select a price to sell the product at...

DewlanceVPS

WHMCS SHAME!!!

They are working on release a new version of WHMCS on this Christmas with full of bugs and security HOLES!!

jar

@sman said:
After playing around with mod_security for the first time all I can say is not impressed. It's a real PiTA. Adds a whole new layer of BS to deal with. Just not what I consider a good solution but of course they mean well.

Simply doesn't play well with one particular application I use a lot so kind of a deal breaker for sites that use it. So far up to 12 ID exclusions for this application and still getting 403 forbidden...sigh.

Got it working with WHMCS so that I can do stuff in admin area but only after I removed about 10 secrule ID's. That is just so far. The more I do things in the admin area the more I get that 403 forbidden which means another trip to the logs to find the ID number each time it happens.

Just adds a whole lot more work and I have better things to do.

Mod_sec is a great thing but you have to put in a lot of hours to perfect it.

Jono20201

Had to have one of our 24 hour support staff keep monitoring WHMCS's blog for the update then call my phone to wake me up so I could apply the fix. Glad I decided to go down that route instead of waiting till 4:30am

William

@mpkossen said:
Apparently Matt does sleep well knowing his software is broken.

Most people sleep well with a company profit of well over 200k GBP / year

vedran

@tuguhost said:
if that script use viewtickets.php page how about if we sent 000 permission to viewtickets.php ? our whmcs would still work

viewtickets.php was only an example, this can be used on basically any page

enitan092

i think http://www.dedicatedminds.com/billing as been exploited...

enitan092

why is there billing on 404 @Jack

concerto49

@enitan092 said:
why is there billing on 404 Jack

They took it down to avoid the hack?

enitan092

@Jack yep 403....

ShardHostSarah

This is getting ridiculous. It also seems to happen when I am away for a day or two. It's a shame there is not a viable security focused/open source alternative to WHMCS.

Is anyone up for a provider mailing list just for WHMCS/SOLUS exploits?

ShardHostSarah

@Jack said:
Shardhostsarah you can subscribe to localhost.re's RSS feed.

This assumes an attack disclosed by localhost.re

trewq

@ShardHostSarah said:

All the latest ones have been.

Reece

@enitan092 said:
i think http://www.dedicatedminds.com/billing as been exploited...

We denied access to the directory to prevent any possible breach. This happened as soon as the exploit went into circulation.

Everything is back online now, thanks to WHMCS for the patch though it was quite early in the morning and typically after I went to bed so it was delayed a little.

jvnadr

@CVPS_Chris Any news when access to billing/client area will be back? There is no way to manage vps without it. Most of other providers are already patched whmcs

jvnadr

@Jack

You are getting this message because the Billing website has been shutdown in order to protect our customer's information and our system from intruders.
We have found a security issue in the WHMCS system that we use. We are waiting for WHMCS to issue a fix.

Please check back here and on the main website (www.chicagovps.net) for any additional information.
For any issues, please email us at: [email protected]

All VPS's will be kept running, they are not affected by this issue at all.

sman

"We have found a security issue in the WHMCS system"

jvnadr

They don't provide solus access, since June

Neoon

@sman "my pet and me" we

Nick

Sadly this "security fix" has broken the mass mail feature, verified with others as well it does not list all clients.

mikho

Good thing I don't mass mail the clients.