Feeds

WHMCS under renewed DDoS blitz after patching systems

'Undesirable people' are all over us

Security for virtualized datacentres

WHMCS, the UK-based billing and customer support tech supplier, has once again come under denial of service attacks, on this occasion following an upgrade of its systems to defend against a SQL injection vulnerability.

The security patch was applied on Tuesday following reports by KrebsOnSecurity that a hacker was auctioning rights to abuse the vulnerability through an underground hacking forum. The then zero-day blind SQL injection supposedly created a mechanism for miscreants to break into web hosting firms that rely on WHMCS's technology. The exploit was on offer at $6,000 for sale to a maximum of three buyers.

In a notice accompanying the patch release, WHMCS stated that it was notified about the problem with its systems by an "ethical programmer".

Within the past few hours, an ethical programmer disclosed to us details of an SQL Injection Vulnerability present in current WHMCS releases.

The potential of this is lessened if you have followed the further security steps, but not entirely avoided.

And so we are releasing an immediate patch before the details become widely known.

Installing the patch is simply a case of uploading a single file to your root WHMCS directory. This one file works for all WHMCS versions V4.0 or Later.

The events of last week have obviously put a lot of focus on WHMCS in recent days from undesirable people. But please rest assured that we take security very seriously in the software we produce, and will never knowingly leave our users at risk. And on that note if any further issues come to light, we will not hesitate to release patches for them - as we hope our past history demonstrates.

The advisory references an incident last week when hackers tricked WHMCS's own hosting firm into handing over admin credentials to its servers. The crew that pulled off the hack, UGNazi, subsequently extracted the billing company's database before deleting files, essentially trashing its server and leaving services unavailable for several hours. The compromised server hosted WHCMS's main website and supported customers' installations of the technology.

UGNazi also seized access to WHMCS's Twitter profile, which it used to publicise locations from which the compromised customer records might be downloaded. A total of 500,000 records, including customer credit card details were exposed as a result of the breach. Hacktivists justified the attack via unsubstantiated accusations that WHMCS offered services to internet scammers.

Last week's breach involved social engineering trickery and wouldn't appear to be related to the SQL Injection vulnerability patched by WHMCS on Tuesday. Since applying the patch WHMCS has come under attack from a fresh run of denial of service assaults, confirmed via the latest available update to WHMCS's Twitter feed on Tuesday afternoon.

We're currently experiencing another heavy DDOS attack - seems somebody doesn't like us protecting our users with a patch ... Back online asap

WHMCS's website remains difficult to reach, at least from Spain, but its official blog, can be found here.

The firm was unreachable for comment at the time of publication. ®

New hybrid storage solutions

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.