HOW-TO: Protect from recent SolusVM exploits.

KuJoe

Well-Known Member
Verified Provider
It looks like a lot of the recent exploits require access to your SolusVM Master either as a client or as a guest. So here's a quick and easy way to prevent access:

iptables -A INPUT -j ACCEPT -p tcp -s <WHMCS_IP> --destination-port 5353 -i venet0
iptables -A INPUT -j ACCEPT -p tcp -s <WHMCS_IP> --destination-port 5656 -i venet0
iptables -A INPUT -j ACCEPT -p tcp -s <ADMIN1_IP> --destination-port 5353 -i venet0
iptables -A INPUT -j ACCEPT -p tcp -s <ADMIN1_IP> --destination-port 5656 -i venet0
iptables -A INPUT -j ACCEPT -p tcp -s <ADMIN2_IP> --destination-port 5353 -i venet0
iptables -A INPUT -j ACCEPT -p tcp -s <ADMIN2_IP> --destination-port 5656 -i venet0
iptables -A INPUT -j DROP -p tcp --destination-port 5353 -i venet0
iptables -A INPUT -j DROP -p tcp --destination-port 5656 -i venet0

Please note that I run my SolusVM Master on an OpenVZ VPS so your interface may be different.
This will allow your WHMCS installation and admins to access SolusVM but will block direct access. Automation will continue to work and clients can manage their VPSs via the SolusVM plugin. I know it's limited, but it's better than nothing.

I had a lot more information typed up but IP.Board erased it all so if you have any questions feel free to ask.
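
The rules in the post above only work if every ACCEPT sits ahead of the DROP for its port. The following check for that ordering is an added example, not part of the original post and not SolusVM code; the function names `audit_panel_rules` and `sample_rules` and all addresses in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits `iptables -S INPUT` output (stdin) for the
# accept-then-drop pattern. iptables stops at the first matching rule, so an
# ACCEPT appended after the DROP never takes effect. Assumption: only rules
# naming the port are examined; interface match and chain policy are ignored.
audit_panel_rules() {
    [ $# -eq 0 ] && set -- 5353 5656
    awk -v ports="$*" '
    function csv(s) { sub(/^ /, "", s); gsub(/ /, ",", s); return s == "" ? "-" : s }
    BEGIN { n = split(ports, want, " ") }
    $1 == "-A" && $2 == "INPUT" {
        port = src = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport" || $i == "--destination-port") port = $(i + 1)
            else if ($i == "-s" || $i == "--source") src = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (port == "" || target !~ /^(ACCEPT|DROP|REJECT)$/) next
        if (src == "" || src == "0.0.0.0/0") {
            # First source-less rule for a port decides every unlisted address.
            if (!(port in verdict)) verdict[port] = target
        } else if (target == "ACCEPT") {
            if (port in verdict) dead[port] = dead[port] " " src
            else allowed[port] = allowed[port] " " src
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            p = want[k]
            state = "NO-DROP"
            if (p in verdict) state = (verdict[p] == "ACCEPT") ? "OPEN" : "GUARDED"
            printf "%s %s allowed=%s unreachable=%s\n", p, state, csv(allowed[p]), csv(dead[p])
        }
    }'
}

# Constructed sample: the last rule was appended with -A after the DROP.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 203.0.113.10/32 -i venet0 -p tcp -m tcp --dport 5353 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -i venet0 -p tcp -m tcp --dport 5656 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -i venet0 -p tcp -m tcp --dport 5353 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 5353 -j DROP
-A INPUT -i venet0 -p tcp -m tcp --dport 5656 -j DROP
-A INPUT -s 192.0.2.44/32 -i venet0 -p tcp -m tcp --dport 5656 -j ACCEPT
EOF
}
```

On a live master, run `iptables -S INPUT | audit_panel_rules` as root. An address listed under `unreachable` needs its rule inserted above the DROP (for example with `iptables -I`) rather than appended.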
 

netnub

New Member
That's a neat way, I suggest all providers do that because I'll be sharing another round of exploits on SolusVM soon.
 

vanarp

Active Member
That's a neat way, I suggest all providers do that because I'll be sharing another round of exploits on SolusVM soon.

Lol:


Attention providers:


In roughly 12 hours I will be disclosing 3 zero day vulnerabilities on solusvm.


I suggest you take backups fast or else hackers will abuse this. I have tried contacting solusvm to fix it however I have been ignored.


They stated the vuln is
 

KuJoe

Well-Known Member
Verified Provider
Please keep the drama/BS out of this thread so it can attempt to stay on-topic. Thanks. :)
 

wlanboy

Content Contributer
Maybe time that someone is building a little GUI on top of the SolusVM API.

I knew before that I do not want to be a hoster.
 

SkylarM

Well-Known Member
Verified Provider
Does it replace the Solus-provided module completely? Can I do everything I can do in the Solus panel inside WHMCS instead?
I made a post on this forum showing some of the functionality. From a client perspective yes, admin side no. Need a dns manager plugin to manage DNS/rDNS if you did that in Solus though.

Gotta figure out why both the Solus plugin and the Modulesgarden Solus plugin aren't liking the iptables rules and aren't connecting to the server now hmmm
 

Cloudrck

Member
Verified Provider
Maybe time that someone is building a little GUI on top of the SolusVM API.

I knew before that I do not want to be a hoster.
Thus creating another layer to exploit. The problem is SolusVM's poor coding techniques.

I made a post on this forum showing some of the functionality. From a client perspective yes, admin side no. Need a dns manager plugin to manage DNS/rDNS if you did that in Solus though.

Gotta figure out why both the Solus plugin and the Modulesgarden Solus plugin aren't liking the iptables rules and aren't connecting to the server now hmmm
Are your iptables policies being logged? What do they say? I don't use SolusVM so I can't help much.
 

mnpeep

New Member
Verified Provider
Thanks! I'm using this to secure my setup; only my WHMCS and laptop physically located at the datacenter can access SolusVM now.

Let's just hope Teamviewer cooperates.
 

SkylarM

Well-Known Member
Verified Provider
Thus creating another layer to exploit. The problem is SolusVM's poor coding techniques.

Are your iptables policies being logged? What do they say? I don't use SolusVM so I can't help much.
Yeah it was an issue with the API and the dedicated IP not behaving properly.
 

Aldryic C'boas

The Pony
Hah, nice. Looks like they've made some major improvements (as far as options, at least) on the module. Only reference I had was the module we worked with a couple years back that just threw this big nasty blob into the client area; no ability to enable/disable certain features.
 

Aldryic C'boas

The Pony
If you leave root password on the module, it gives a client the option to either VIEW the password or CHANGE it. Noooot a huge fan of being able to view it like that.
Root passes are viewable? o_O That is straight-up disastrous - they're either storing root passes in plaintext, or merely displaying the WHMCS 'password' field (also plaintext), which is absolutely useless after running `passwd` on the VM (like people should be doing).
 