exploit

PHP 5.x Remote Code Execution Exploit available since 2013-10-29. Usage found in logs since 2013-11-04. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign)...

Someone sent me something this morning... They have ongoing fraud/hack situation involving WHMCS and Stripe payments. The hack involves generated credit cards that seem to get through Stripe as valid. The orders are identifiable as certain fields in the account info are ALL CAPS. So far the...

http://localhost.re/p/whmcs-527-vulnerability tl;dr - A rather gaping security hole in WHMCS.  I've taken ours offline - strongly suggest other providers do the same.

From here: http://www.lowendbox.com/blog/a-days-recap-solusvm-exploit-released-ramnode-downtime-and-robert-clarke/#comment-121284 Everyone should be on high alert. EDIT 1: This was posted on LEB

Well, looks like CVPS has also fallen victim to the latest SolusVM Exploit. Given their CP page anyways.  Take a look for yourself! https://manage.chicagovps.net:5656/ Someone posted this on LET, but nobody had posted here. YET. EDIT: TO COMMENT ON THIS THREAD PLEASE VISIT PART 2...

So aside from board favorite RamNode, who else fell victim to the SolusVM exploit? Anyone noticed other low end or even high end providers that were victimized?

Not much details available about this just yet, other than news saying you should patch. http://blog.soluslabs.com/2013/06/16/important-security-alert-new-update/

http://localhost.re/p/solusvm-11303-vulnerabilities Quick fix: remove/chmod 000 centralbackup.php from your master's /usr/local/solusvm/www/ folder. (Thanks Patrick)