[Resolved] WHMCS Security Issue
-
Saturday, 19th October, 2013
-
09:18am
Thanks to Simon Whittaker from Vertical Structure (a respected server security company from Belfast) for giving us the heads up on this issue last night. Whilst we would quickly have discovered the issue his email resulted in us taking action slightly faster than we would have. Thank You Simon.
WHMCS is the web hosting billing software used by thousands of web hosting companies worldwide. Last night a critical security flaw was discovered in WHMCS and made public via a website. This would have allowed a hacker to potentially compromise a whmcs database. We quickly took steps to completely disable our client area for your protection and you may have noticed it disappeared for a while.
We also implemented some additional mod_security rules (Mod Security is an application level firewall) that were made available by rack911.com (another respected security and server management company) and these remain in place today. WHMCS released a patch overnight and we have immediately patched our install.
All is back to normal.
