#1 psfrog (January 8th, 2008, 11:38 AM)
Urgent WHMCS Security Notice

I just got this mail from WHMCS:
Quote:
Dear WHMCS User,

It has been brought to our attention that at some time during the days following the recent release of WHMCS V3.5.1, an unauthorised user managed to gain access to our server through an Apache exploit and was able to add a number of files into the WHMCS V3.5.1 Full Version download available from our client area. The files added were shell scripts which could potentially be used to exploit the server should the functions used not be blocked.

There is a chance that you may have downloaded V3.5.1 at the time when the files were present and so may have inadvertently uploaded them to your server. As a precaution we are asking all customers to check for, and remove, the following files if they are found to be present in your WHMCS folders:

admin/editor/plugins/advlink/langs/eng.php
admin/editor/plugins/insertdatetime/editor_plugin.php
admin/editor/plugins/zoom/editor_plugin.php
modules/reports/server_revenue_tasks.php
modules/servers/interworx/interworx_data.php

NOTE: If you used our professional upgrade or installation services to have WHMCS installed or upgraded by us then you will NOT have been affected.

We have taken action to ensure a breach like this does not occur again and apologize for any inconvenience caused. We would also like to point out that this was not a security problem with WHMCS. I would ask that if you have any concerns or questions, please email supportwhmcs.com

Regards,

Matt
Founder / Developer
WHMCS Ltd
www.whmcs.com

#2 Roxy (January 8th, 2008, 11:51 AM)
Thank you for this post!

#3 Dannycg (January 8th, 2008, 11:52 AM)
Thanks!
I just checked, I haven't got any.

#4 Prig (January 8th, 2008, 12:38 PM)
I checked too, I'm safe...

#5 Kayla (January 8th, 2008, 6:58 PM)
The amazing thing is, we (Surpass) didn't get an email.

:-|

#6 Bigjohn (January 8th, 2008, 8:35 PM)
They emailed users who downloaded during the suspected window, plus or minus a few days... I was clean too.

But - here is the cool bit...

Surpass can now SCAN all the reseller servers and VPS for those file paths!! How's that for proactive security!
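
The check the notice asks for, extended to the server-wide scan suggested in post #6, as an added example (not part of the thread and not code from WHMCS or Surpass). The five relative paths come from the notice; the helper name `scan_tree`, the `/home` base directory and the use of GNU coreutils (`sha256sum`, `stat -c`) are assumptions.

```shell
#!/bin/sh
# Relative paths copied from the WHMCS notice quoted in this thread.
SUSPECT_PATHS='admin/editor/plugins/advlink/langs/eng.php
admin/editor/plugins/insertdatetime/editor_plugin.php
admin/editor/plugins/zoom/editor_plugin.php
modules/reports/server_revenue_tasks.php
modules/servers/interworx/interworx_data.php'

# scan_tree BASE  (hypothetical helper name)
# Walks BASE, e.g. /home on a reseller server (assumed layout), and prints
# one tab-separated line per listed file found at any depth:
#   sha256  size-in-bytes  mtime-epoch  path
# Returns 0 when nothing is found, 1 when at least one listed file exists.
# find errors (unreadable directories) stay on stderr so gaps in coverage
# are visible to the operator.
# Example call: scan_tree /home
scan_tree() {
  st_base=$1
  st_report=$(
    printf '%s\n' "$SUSPECT_PATHS" | while IFS= read -r st_rel; do
      # "*/$st_rel" matches whatever the WHMCS folder is called; -type f
      # skips directories, and find does not follow symlinks by default.
      find "$st_base" -type f -path "*/$st_rel" -exec sh -c '
        for f do
          printf "%s\t%s\t%s\t%s\n" \
            "$(sha256sum < "$f" | cut -d" " -f1)" \
            "$(wc -c < "$f" | tr -d " ")" \
            "$(stat -c %Y "$f")" "$f"
        done' sh {} +
    done
  )
  [ -n "$st_report" ] || return 0
  printf '%s\n' "$st_report"
  return 1
}
```

Keeping the hash and modification time of each hit before removing the file, as the notice instructs, lets hits on different accounts be compared afterwards.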

#7 DewKnight (January 8th, 2008, 11:27 PM)
Weird, I got an email and didn't download during those dates. Good to receive an email though.

#8 panache (January 9th, 2008, 1:48 AM)
I would suggest that Surpass also run a scan for those files...

#9 panache (January 9th, 2008, 1:55 AM)
I had one file.. not all 4

but I am going to get an update again of the files