SolusVM WHMCS Module Vulnerability

drmike

100% Tier-1 Gogent
Wow.  That's a total hack job... Full access.

Wish this info would have waited until after their "audit" :)
 

Patrick

INIZ.COM
Verified Provider
You can still be hacked even if you're running in FCGI, just need to crash your PHP and guess the time it restarts, etc.
 

kaniini

Beware the bunny-rabbit!
Verified Provider
I have to say that is actually a pretty brilliant exploit, owning the fact that it's a multi-part POST to Solus is amazing.

I am seriously impressed.
 

Steven

New Member
As I said on WebHostingTalk, something to make a note of: running FastCGI does not mean you are immune. All someone needs to do is crash your FastCGI processes or webserver. Furthermore, if you run WHMCS on a cPanel server with default log processing times and FastCGI, your webserver will restart itself every two hours, which makes it predictable.
 

ShardHost

New Member
Verified Provider
> As I said on WebHostingTalk, something to make a note of: running FastCGI does not mean you are immune. All someone needs to do is crash your FastCGI processes or webserver. Furthermore, if you run WHMCS on a cPanel server with default log processing times and FastCGI, your webserver will restart itself every two hours, which makes it predictable.

Good advice and welcome.

Some different ways to resolve this:

1) Shutdown Solus

2) Disable API Access

3) Disable access from WHMCS install to Solus

4) Remove the rootpassword.php file

I think this is the tip of the iceberg.  This person at localhost.re is obviously very talented and this latest exploit is very elegant.  This is likely to get a whole lot messier before it gets better. 
 

D. Strout

Resident IPv6 Proponent
What fun. What will be next? I'm still waiting for the vulnerability in OpenVZ and/or KVM themselves. The main software of this industry is going to shit, anytime now it will be the actual technologies it is based on. $7/mo dedis or bust!
 

kaniini

Beware the bunny-rabbit!
Verified Provider
> What fun. What will be next? I'm still waiting for the vulnerability in OpenVZ and/or KVM themselves. The main software of this industry is going to shit, anytime now it will be the actual technologies it is based on. $7/mo dedis or bust!

The underlying technologies are okay.  The problem is that SolusVM, WHMCS etc are crapware written by incompetent people who have no business writing software, but get away with it because hosting is now the new kind of lemonade stand.  Don't believe me?  Look at that shovenose kid -- he launched a KVM VPS company without even knowing how to use KVM.

Quite frankly, if you don't understand your virtualization stack and enough about writing code to at least take a critical look at the software you are deploying, you don't need to be playing in this industry.

To be frank: let the incompetent providers burn.  It will be a huge win for consumers.
 