WHMCS 5.2.8 Vulnerability


Comments

  • We patched to 5.2.9; it seems all fine. Hopefully that can really fix the vulnerability.

  • smansman Member
    edited October 2013

    @Netxons said:
    We patched to 5.2.9; it seems all fine. Hopefully that can really fix the vulnerability.

    Glad they got this done in time for the script kiddie shift on the other side of the world where most of these wankers seem to live.

  • MaouniqueMaounique Host Rep, Veteran
    edited October 2013

    @sman said:
    the other side of the world where most of these wankers live.

    If you live in the western hemisphere, then you are right; the eastern hemisphere population outnumbers the western hemisphere's 6:1, so, even if there are proportionally fewer script kiddies there due to the high cost of internet and computers in most places, chances are they outnumber the ones in the western hemisphere.

  • Jono20201 said: I know if I was Matt I wouldn't be able to sleep easy at night until I did get an external audit.

    Apparently Matt does sleep well knowing his software is broken.

    BrianHarrison said: A mod_security filter to protect against this vulnerability has been posted:

    If Matt would have just posted that instead of the "Active Development" and "LTS" stuff, it would have actually been a useful post.

    Sorry if I sound a bit harsh, but really, this has happened way too many times already.

  • irmirm Member

    @mpkossen said:

    Yeah you'd think after the 20th time they would just contact an outside firm to do a code audit like SolusVM did. This is kind of ridiculous...

  • MaouniqueMaounique Host Rep, Veteran
    edited October 2013

    @fcfc said:
    Yeah you'd think after the 20th time they would just contact an outside firm to do a code audit like SolusVM did. This is kind of ridiculous...

    Many people didn't trust Solus being serious about the audit. However, Solus has a lot of serious OS contenders out there and many people are also coding their own, therefore they had a very good incentive to better themselves fast. Competition for WHMCS is not that big, so they can still sit on their hands for now; I am sure nobody canceled their subscription and that is unlikely to happen anytime soon, so, good or bad, WHMCS does not need to do anything for now against HostBill, which can't even select a price to sell the product at...

  • DewlanceVPSDewlanceVPS Member, Patron Provider
    edited October 2013

    WHMCS SHAME!!!

    They are working on releasing a new version of WHMCS this Christmas, full of bugs and security HOLES!!

  • jarjar Patron Provider, Top Host, Veteran
    edited October 2013

    @sman said:
    After playing around with mod_security for the first time all I can say is not impressed. It's a real PiTA. Adds a whole new layer of BS to deal with. Just not what I consider a good solution but of course they mean well.

    Simply doesn't play well with one particular application I use a lot so kind of a deal breaker for sites that use it. So far up to 12 ID exclusions for this application and still getting 403 forbidden...sigh.

    Got it working with WHMCS so that I can do stuff in the admin area, but only after I removed about 10 SecRule IDs. That is just so far. The more I do things in the admin area, the more I get that 403 Forbidden, which means another trip to the logs to find the ID number each time it happens.

    Just adds a whole lot more work and I have better things to do.

    Mod_sec is a great thing but you have to put in a lot of hours to perfect it.
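    The post above describes the usual tuning loop: a 403, a trip to the audit log for the rule ID, then an exclusion. The exclusions themselves are where most of the damage gets done, because `SecRuleRemoveById` at server scope switches the rule off for every path on the host. The following ModSecurity 2.x configuration is an added example, not something posted in the thread or shipped by WHMCS; it assumes WHMCS is served under `/billing` with its admin area under `/billing/admin`, and the rule IDs `900001`/`900002` and the argument name `message` are placeholders standing in for whatever the audit log actually reports.

```apache
# Added example (not from the thread): scoping ModSecurity exclusions for WHMCS.
# Assumptions: WHMCS under /billing, admin area under /billing/admin; rule IDs
# 900001/900002 and the argument name "message" are placeholders.

# Where to look when a request gets 403: the audit log records the rule id and
# the matched variable for every blocked request.
SecAuditEngine RelevantOnly
SecAuditLog /var/log/apache2/modsec_audit.log

# Bad pattern: removing the rules at server scope silences them for every path,
# including the public client area where they are still doing useful work.
# SecRuleRemoveById 900001 900002

# Better: drop the noisy rules only for the admin area, which already sits
# behind staff authentication.
<Location "/billing/admin">
    SecRuleRemoveById 900001 900002
</Location>

# Narrower still: keep the rule, but stop it inspecting the one argument that
# legitimately carries HTML (placeholder script and argument name).
<Location "/billing/admin/supporttickets.php">
    SecRuleUpdateTargetById 900002 "!ARGS:message"
</Location>

# While tuning, run the admin path in detection-only mode: staff are not locked
# out, but every would-be block still lands in the audit log for review.
<Location "/billing/admin">
    SecRuleEngine DetectionOnly
</Location>
```

Each exclusion is tied to a `<Location>` so that the client-facing pages keep the full rule set; the detection-only block is meant to be removed once the admin area runs clean, otherwise the rules for that path never block anything.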

  • Had to have one of our 24 hour support staff keep monitoring WHMCS's blog for the update then call my phone to wake me up so I could apply the fix. Glad I decided to go down that route instead of waiting till 4:30am

  • @mpkossen said:
    Apparently Matt does sleep well knowing his software is broken.

    Most people sleep well with a company profit of well over 200k GBP / year :)

  • @tuguhost said:
    If that script uses the viewtickets.php page, how about if we set 000 permissions on viewtickets.php? Would our WHMCS still work?

    viewtickets.php was only an example, this can be used on basically any page

  • i think http://www.dedicatedminds.com/billing has been exploited...

  • why is there billing on 404 @Jack

  • @enitan092 said:
    why is there billing on 404 Jack

    They took it down to avoid the hack?

  • @Jack yep 403....

  • This is getting ridiculous. It also seems to happen when I am away for a day or two. It's a shame there is not a viable security focused/open source alternative to WHMCS.

    Is anyone up for a provider mailing list just for WHMCS/SOLUS exploits?

  • @Jack said:
    Shardhostsarah you can subscribe to localhost.re's RSS feed.

    This assumes an attack disclosed by localhost.re

  • trewqtrewq Administrator, Patron Provider

    All the latest ones have been.

  • @enitan092 said:
    i think http://www.dedicatedminds.com/billing has been exploited...

    We denied access to the directory to prevent any possible breach. This happened as soon as the exploit went into circulation.

    Everything is back online now, thanks to WHMCS for the patch though it was quite early in the morning and typically after I went to bed so it was delayed a little.
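    The approach in the post above, denying access to the billing directory as soon as the exploit circulates and restoring it once the vendor patch is applied, is sound, and the way it is done decides how much the window costs. The Apache 2.4 VirtualHost fragment below is an added example, not the provider's actual configuration; it assumes WHMCS is served at `/billing`, that `203.0.113.10` stands in for the single staff address that keeps access to apply and verify the patch, and that `/maintenance.html` is a static notice page of the kind quoted later in this thread.

```apache
# Added example (not from the thread): taking the WHMCS directory offline while
# a vendor fix is pending, without taking the rest of the site down.
# Assumptions: Apache 2.4, WHMCS served at /billing, 203.0.113.10 is a
# placeholder staff address, /maintenance.html is a static notice page.
# Place inside the site's <VirtualHost>.

RewriteEngine On

# Let the one staff address through so the patch can be applied and checked.
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
# Never loop on the notice page itself.
RewriteCond %{REQUEST_URI} !^/maintenance\.html$
# Everything else under /billing gets 503 Service Unavailable. Unlike 403 or
# 404 it tells clients and monitoring that the outage is deliberate and
# temporary, and no PHP under /billing executes for anyone but the staff address.
RewriteRule ^/billing(/|$) - [R=503,L]
ErrorDocument 503 /maintenance.html

# Retry-After lets well-behaved clients and crawlers back off instead of retrying.
Header always set Retry-After "3600" "expr=%{REQUEST_STATUS} == 503"

# Log the refused requests separately so any probing during the window is easy
# to review after the patch is in.
CustomLog /var/log/apache2/billing_maintenance.log combined "expr=%{REQUEST_STATUS} == 503 && %{REQUEST_URI} =~ m#^/billing#"
```

Returning 503 rather than a 403 or 404 is what separates "we took this down on purpose" from "the site is broken or gone", which is exactly the confusion the later `@Jack` / `@enitan092` exchange in this thread shows; the separate log gives a clean record of who knocked on the door while the application was unreachable.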

  • @CVPS_Chris Any news on when access to billing/client area will be back? There is no way to manage a VPS without it. Most other providers have already patched WHMCS.

  • @Jack

    You are getting this message because the Billing website has been shut down in order to protect our customers' information and our system from intruders.
    We have found a security issue in the WHMCS system that we use. We are waiting for WHMCS to issue a fix.
    
    Please check back here and on the main website (www.chicagovps.net) for any additional information.
    For any issues, please email us at: [email protected]
    
    All VPSs will be kept running; they are not affected by this issue at all.
    
  • smansman Member
    edited October 2013

    "We have found a security issue in the WHMCS system"

  • They haven't provided Solus access since June.

  • NeoonNeoon Community Contributor, Veteran

    @sman "my pet and me" we :D

  • NickNick Member, Patron Provider

    Sadly this "security fix" has broken the mass mail feature; verified with others as well, it does not list all clients.

  • Good thing I don't mass mail the clients.
