If you're a web hosting provider, you have probably heard of WHMCS. It's safe to say you've relied on the client management, billing, and support application to deal with your cheap hosting clients. If this is the case, you should be paying close attention to this post!
The developers of WHMCS have released various emergency security updates for the application in order to correct a vulnerability that allows hackers to conduct SQL injection attacks across multiple WHMCS distributions with the goal of changing or stealing sensitive user information.
WHMCS disclosed the vulnerability, which came from a user who did not divulge their identity, on the UK-based company's blog on Thursday, October 3. Even though the company had no clue who the hacker was, the report gained credibility when that hacker released the exploit code for the attack.
A security advisory was released by the company on their blog that spells out how the attacks were carried out.
But how hard is it to get your hands on a valid login? The anonymous hacker divulged that it's as easy as registering a new account on WHMCS's register.php page. Once the exploit is executed, just about any information regarding existing account holders can be accessed, including hashed passwords. This leads to a breach of the admin account.
WHMCS was targeted because web hosting companies rely on the service to keep their accounts straight. WHMCS integrates smoothly and easily with many other services: domain registrars, SSL certificate providers, control panels, payment processing services, VPS providers, and so on. The software deals with accounts, support, and payment processing, as well as a host of other services.
Attackers seek to exploit hosting providers due to the volume of sensitive information they can get their hands on in a moment's time. We're talking hundreds of thousands of websites being accessed by one simple hack.
Preparation Is Key
CloudFlare has responded to this hacking incident with their Web Application Firewall (WAF). The new feature of the WAF protects customers from being attacked by this WHMCS vulnerability as long as they implement what the company calls “the WHMCS Ruleset.”
It essentially blocks the attack from occurring. As long as the company relying on the WAF implements best practices and activates the WHMCS Ruleset, they should be safe from attack.
WHMCS has published a patch, and users are urged to apply it to their current version. Users can also update to version 5.2.8 in order to protect themselves.
Hackers are always looking for a new way to access sensitive data. It is imperative that application vendors and hosting providers become aware of breaches at once, and that they give their users a way to protect their data no matter what. With their speedy response, it is clear WHMCS values their customers, the web hosting providers, and in turn, the customers of those web hosting companies.
Is your cheap hosting company affected by the attacks on WHMCS?