# URPad Claiming new WHMCS Vuln



## MannDude (Jul 13, 2014)

Looks like URPad posted about a WHMCS or Solus vulnerability (https://www.facebook.com/urpadhosting/posts/658673524215309), but I can't seem to find anything available in regards to news about this. Has anyone else heard anything? Do you think providers should be concerned or do you think it's fluff?


----------



## iWF-Jacob (Jul 13, 2014)

I certainly have yet to hear anything. Though I'll definitely be keeping an eye out for it now that it's been mentioned.


----------



## Francisco (Jul 14, 2014)

Maybe it's a new exploit in the SolusVM module?

It's the only thing I can make sense of since they left WHMCS online w/o issue.

Does anyone know if they were using the official module?

Francisco


----------



## Nick_A (Jul 14, 2014)

Strange.


----------



## markjcc (Jul 14, 2014)

Francisco said:


> Maybe it's a new exploit in the SolusVM module?
> 
> 
> It's the only thing I can make sense of since they left WHMCS online w/o issue.
> ...


http://docs.solusvm.com/release_versions_stable

The last update for the official stable version was on the date of April 22, 2014

The last thing that I can put my finger on was they're either using the beta module or it's got to do something with the new WHMCS update


----------



## Francisco (Jul 14, 2014)

markjcc said:


> http://docs.solusvm.com/release_versions_stable
> 
> The last update for the official stable version was on the date of April 22, 2014
> 
> The last thing that I can put my finger on was they're either using the beta module or it's got to do something with the new WHMCS update


If it was purely WHMCS they would block WHMCS I would think.

Given Solus' coding practices it's possible that the WHMCS upgrades really botched things but that's pretty

far fetched.

Francisco


----------



## markjcc (Jul 14, 2014)

Worse case scenario, That could be possible. For now I held back on the newest WHMCS update.


----------



## Nick_A (Jul 14, 2014)

Haven't updated WHMCS either.


----------



## George_Fusioned (Jul 14, 2014)

I just contacted both WHMCS and SolusVM and none of them is aware of any exploit at this point.


----------



## MartinD (Jul 14, 2014)

I've seen no-one else mention this apart from UrPad.. and there's been no hints anywhere else like WHT... would suggest something local to be. Maybe more IPMI related problems?


----------



## Aldryic C'boas (Jul 14, 2014)

Or he was running an older version and got wacked again.


----------



## George_Fusioned (Jul 14, 2014)

Or just trying to get some attention?


----------



## Aldryic C'boas (Jul 14, 2014)

Well, that does turn some heads, but not exactly in a reassuring manner.


----------



## Steven (Jul 14, 2014)

We haven't heard or seen anything. They probably got hacked and don't know how and are making assumptions.


----------



## ModulesGarden (Jul 15, 2014)

We haven't heard about anything yet too. Many of our customers are using both WHMCS and SolusVM, sometimes combined with our modules, but no one has reported anything yet. And most likely no one will.


----------



## KuJoe (Jul 15, 2014)

And just like magic, it's fixed without requiring a WHMCS or SolusVM update.  :lol:

https://www.facebook.com/urpadhosting/posts/658912127524782


----------



## MannDude (Jul 19, 2014)

Well, that was strange. I guess it's good news that there wasn't a new vulnerability out or anything. Hope they got whatever it was sorted out.


----------



## definedcode (Jul 20, 2014)

They should probably confirm it's a vulnerability before putting something like that out into the wild. At least they got it fixed.


----------



## S-Jack (Jul 21, 2014)

Thought I would have been upgrading my version! Oh well.


----------



## Askforhost (Jul 22, 2014)

So there is no confirmation yet on such exploit?


----------



## TruvisT (Jul 23, 2014)

Askforhost said:


> So there is no confirmation yet on such exploit?


Correct. We are running the latest versions of all software and have not noticed any issues or problems.

Nothing has been mentioned on any of the mailling lists I am apart of as well. If I do hear something I will let people know. but so far no rumors.


----------



## Hostvesta (Jul 24, 2014)

While we're on topic, has anyone upgraded to the latest version of WHMCS that came out recently?


----------



## ModulesGarden (Jul 24, 2014)

Hostvesta said:


> While we're on topic, has anyone upgraded to the latest version of WHMCS that came out recently?


Yes, we have upgraded our WHMCS to the latest version. So far no troubles.


----------



## KuJoe (Jul 24, 2014)

Hostvesta said:


> While we're on topic, has anyone upgraded to the latest version of WHMCS that came out recently?


We updated our development install and haven't noticed any issues. We're waiting a bit before upgrading our production install.


----------

