amuck-landowner

New WHMCS Exploit

Jono20201

New Member
Verified Provider
Damn. Disabled ours for now, has this been confirmed? Does just putting the system into Maintenance mode make it 'safe'?
 

Aldryic C'boas

The Pony
Damn. Disabled ours for now, has this been confirmed? Does just putting the system into Maintenance mode make it 'safe'?
Yes, this is confirmed.  After seeing the... utterly incompetant coding practices, I wouldn't trust just using Maintenance mode.  I ripped down our entire install and just put up a placeholder for now.
 

DamienSB

Active Member
Verified Provider
Yes, this is confirmed.  After seeing the... utterly incompetant coding practices, I wouldn't trust just using Maintenance mode.  I ripped down our entire install and just put up a placeholder for now.
Code:
[root@moonbase ~]# service httpd stop
Stopping httpd:                                            [  OK  ]
[root@moonbase ~]#
 

Jono20201

New Member
Verified Provider
Yes, this is confirmed.  After seeing the... utterly incompetant coding practices, I wouldn't trust just using Maintenance mode.  I ripped down our entire install and just put up a placeholder for now.
Mind if I nick your parts of your maintenance message? Too tired to think of something decent.


[root@moonbase ~]# service httpd stop
Stopping httpd:                                            [  OK  ]


[root@moonbase ~]#
Surely best to put a html message up?
 
Last edited by a moderator:

rds100

New Member
Verified Provider
 


RewriteCond %{QUERY_STRING} AES_ENCRYPT

RewriteRule ^(.+) /sorry.html [L]

 

 

This helps? Not sure if %{QUERY_STRING} would catch POST data or what would be the correct variable for that.
 
Last edited by a moderator:

DamienSB

Active Member
Verified Provider
Mind if I nick your parts of your maintenance message? Too tired to think of something decent.


Surely best to put a html message up?
Didn't know if the exploit was real or not - why spend 5 minutes on an error page when you might remove it in an hour. But it looks like this is real, so I’m going to make a page. But either way, people aren't going to care why it is down.
 

George_Fusioned

Active Member
Verified Provider
I added the following on top of my .htaccess

Code:
Order allow,deny
Allow from 127.0.0.1 # for email piping to work
Allow from x.x.x.x # my VPN IP
Deny from all
 
Last edited by a moderator:

Jono20201

New Member
Verified Provider
Wonder how long it'll take WHMCS. Hope they aren't thinking "we'll fix it monday". Lot of lost business.
 
Top
amuck-landowner