Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

forgot password?



Reply


Old
  Post #16 (permalink)   01-18-2012, 05:40 PM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,004
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by InstantPH View Post
And even if all the steps in the security guide have been followed, I think you'll find that the security whole is not with WHMCS. If it was, you'd see an influx of posts complaining about WHMCS being hacked. Similar to how we saw a huge amount of posts about the php encode hack in support tickets.
even using the security patch this does not stop the attempts and the support ticket messages

in cpanel you can use account level filtering to setup rules with a fail message or with a block message
a common example that is going around (in my case) is

Code:
 base64_decode
so just setup the settings like this

Quote:
body contains
base64_decode
Quote:
Fail With Message
php code to a ticket system is not a nice thing to do
then users who send that above code in a email to your ticket system (or any other email to your account ) will get the above reply

you can add extra rules to so the above rule only apply to abuse department or other emails

here is a example email that get sended back with the above rule

Quote:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

XXX@XXX
php code to a ticket system is not a nice thing to do
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 


Old
  Post #17 (permalink)   01-19-2012, 09:44 AM
HD Newbie
 
Join Date: Jan 2012
Location: / Root
Posts: 43
Send a message via MSN to WebCare360 Send a message via Yahoo to WebCare360 Send a message via Skype™ to WebCare360

Status: WebCare360 is offline
Well, this is the most scary thing that any hosting provider will ever have to face. Well, I also got such messages a few days back that was encoded with base64 and when I decoded the code that was a scary attacking code :-s.

Well, I contacted the WHMCS support team and they told me that as I have the latest script installed that have already patched for such attacks.

So, I advise you to contact with WHMCS team to get some guideline

Further, to make secure you WHMCS you should take proper security steps.

Good Luck.
 
 
 


Old
  Post #18 (permalink)   01-19-2012, 10:17 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,004
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by WebCare360 View Post
Well, this is the most scary thing that any hosting provider will ever have to face. Well, I also got such messages a few days back that was encoded with base64 and when I decoded the code that was a scary attacking code :-s.

Well, I contacted the WHMCS support team and they told me that as I have the latest script installed that have already patched for such attacks.

So, I advise you to contact with WHMCS team to get some guideline

Further, to make secure you WHMCS you should take proper security steps.

Good Luck.
as long as you have the latest WHMCS security patch as given in the WHMCS forum then you are safe from the attachs, this will not however stop them trying and submitting tickets, so follow my above steps to block the messages from ther attackers and then follow the further security steps by WHMCS http://docs.whmcs.com/Further_Security_Steps
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #19 (permalink)   01-19-2012, 01:00 PM
HD Addict
 
Join Date: Oct 2011
Posts: 177

Status: Bullten is offline
Well guys that base64 exploit was recently found in whmcs and is already fixed there is no need to protect it by changing anthing
 
 
 


Old
  Post #20 (permalink)   01-19-2012, 01:10 PM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,004
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by Bullten View Post
Well guys that base64 exploit was recently found in whmcs and is already fixed there is no need to protect it by changing anthing
yes the patch will stop the attacks from getting into your whmcs installation.

but ask any WHMCS staff then they will al advise you to follow these http://docs.whmcs.com/Further_Security_Steps as an extra security measure as yes the base64 has been sorted but i can guarantee their will other exploits being created to try the same thing. this is how things are as fixing this exploit will not stop IDIOTS trying other ways.

the account level filtering process will bounce back and block all emails/tickets these IDIOTS try and send, saving hosts the time in manually removing these
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #21 (permalink)   01-19-2012, 01:29 PM
HD Newbie
 
Join Date: Jan 2012
Location: / Root
Posts: 43
Send a message via MSN to WebCare360 Send a message via Yahoo to WebCare360 Send a message via Skype™ to WebCare360

Status: WebCare360 is offline
Quote:
Originally Posted by easyhostmedia View Post
as long as you have the latest WHMCS security patch as given in the WHMCS forum then you are safe from the attachs, this will not however stop them trying and submitting tickets, so follow my above steps to block the messages from ther attackers and then follow the further security steps by WHMCS http://docs.whmcs.com/Further_Security_Steps
We had already made the necessary precautionary measures before contacting to WHMCS support team.

But, thanks for your advice
 
 
 


Old
  Post #22 (permalink)   01-19-2012, 04:37 PM
HD Amateur
 
Join Date: Sep 2011
Posts: 83

Status: coloradojaguar is offline
WHMCS posted a security advisory back at the beginning of Dec. It is difficult to say where the hole might be but checking for the most recent security updates on a regular basis can prevent problems in many many systems. It is easy to overlook basic preventative maintenance but overall it is worth the time and effort to prevent in the beginning rather than to try to fix and pinpoint the matter after the fact.
__________________
Hosted solutions provider since 1998 - Serving Houston, Dallas, Atlanta, NJ, and the UK
JaguarPC.com - Managed Hybrid Servers| SSD|Managed VPS Hosting | Dedicated Servers
Reseller US/UK| Cloud
 
 
 


Old
  Post #23 (permalink)   01-19-2012, 04:47 PM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,004
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by coloradojaguar View Post
WHMCS posted a security advisory back at the beginning of Dec. It is difficult to say where the hole might be but checking for the most recent security updates on a regular basis can prevent problems in many many systems. It is easy to overlook basic preventative maintenance but overall it is worth the time and effort to prevent in the beginning rather than to try to fix and pinpoint the matter after the fact.
yes and for those like me who are registered with WHMCS got a email about this and patched straight away. but if you get your licence from a reseller then you would not be privvy to the email from WHMCS so would not be aware of this and would rely on your reseller to get this info and patch your installation or give you the patch to do it yourself.
so it is a good idea even if you dont get a licence from WHMCS to register with them and also register on their forum
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #24 (permalink)   01-21-2012, 05:29 AM
HD Newbie
 
Join Date: Oct 2011
Posts: 28

Status: dnb1host is offline
beware they will try to hack by support ticket if you use old version better you upgrade to v5.0.2
 
 
 


Old
  Post #25 (permalink)   01-21-2012, 05:36 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,004
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
the latest version is v5.0.3

they will still try in this version, but will fail if you have the patch installed
follow my Post #16 above and this will block these tickets as you will still get the tickets even though the exploit will fail
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #26 (permalink)   01-21-2012, 05:04 PM
HD Newbie
 
Join Date: Oct 2011
Posts: 28

Status: dnb1host is offline
But in V5.0.3 they can't hack you by support ticket WHMCS already update the software
 
 
 


Old
  Post #27 (permalink)   01-21-2012, 06:16 PM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,004
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by dnb1host View Post
But in V5.0.3 they can't hack you by support ticket WHMCS already update the software
if you download a fresh copy now then no as the security patch was added to the software, but it you installed 5.0.2 and then just the update when it come out and have not installed the security patch then yes it can be hacked.

even with the security patch installed you will still receive the tickets with the base64 code even though they cant hack into the system
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers

Last edited by easyhostmedia : 01-21-2012 at 06:23 PM.
 
 
 


Old
  Post #28 (permalink)   01-22-2012, 11:21 AM
HD Addict
 
webling's Avatar
 
Join Date: Dec 2010
Posts: 243

Status: webling is offline
Quote:
Originally Posted by JimmyGibbs View Post
Hello, I use WHMCS for billing and over the yesterday a hacker login to the admin account and change the password, I was able to change the password through phpMyAdmin but that doesn't seem to do anything, the hacker login again and same thing happened 6-7 times, I updated to the latest version of WHMCS and installed the latest security patch. Do you have any idea how the hacker is able to login to the admin account?
Make sure you are using secure passwords
 
 
 
Reply
Previous Thread Next Thread


Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: