DigiRDP hacked
System
Administrator
This discussion was created from comments split from: The Cest Pit of House LES - 2024 - The Sixth of Its Name - The Breaker of Chains.
Comments
Looks like DigiRDP got hacked based on the WHMCS theme exploit
The Ultimate Speedtest Script | Get Instant Alerts on new LES/LET deals | Cheap VPS Deals | VirMach Flash Sales Notifier
FREE KVM VPS - FreeVPS.org | FREE LXC VPS - MicroLXC
I was going to post that, glad you did it first. Indeed cest pit is a good pit stop before the Mods decide if a dedicated thread is required.
blog | exploring visually |
Am I seeing a recent trend of hosts getting breached through WHMCS itself?
@DigiRDP @balramm
Accepting submissions for IPv6 less than /64 Hall of Incompetence.
These breaches are happening purely due to addons/themes. DigiRDP used Lagom for WHMCS which is confirmed to have a security vulnerability. It's a popular theme across the hosting industry.
I am a representative of Advin Servers
I have personally been able to reproduce the same exploit in a test environment with an unpatched version of Lagom. It's an extremely simple exploit that allows anyone to upload basically any file.
The best way to prevent such an exploit (without knowing about it) would be to install a WAF. The problem with this exploit and the last exploit with the HostX/ClientX theme somewhat stems from the fact that you can upload PHP files in some way. Using Cloudflare Pro (not free) WAF automatically detects PHP content in the POST request, which blocks both of these exploits from occurring, at least from what I could tell. I'm sure that there are other firewalls out there that perform similar functionality, like BitNinja. If anyone does go with the Cloudflare Pro route, make absolute sure that every request has to go through the WAF.
I was unable to replicate the same exploit with Cloudflare Pro.
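The WAF behaviour described above (blocking POST bodies that carry PHP content, whatever the filename says) as an added illustration; this is not code from the thread, from Cloudflare or from any WHMCS theme. It assumes a simplified multipart/form-data parser and an extension list that you would adjust to your own PHP handler configuration.

```python
import re

# PHP open tags: the long form (case-insensitive) and the short-echo form.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
# Extensions a typical PHP handler executes (assumption: adjust to your stack).
EXEC_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}
FILENAME = re.compile(rb'filename="([^"]*)"')

def parse_multipart(content_type: str, body: bytes) -> list:
    """Return (filename, payload) for each file part of a multipart/form-data body."""
    m = re.search(r"boundary=([^;\s]+)", content_type)
    if not m:
        raise ValueError("not multipart/form-data")
    delim = b"--" + m.group(1).encode()
    parts = []
    for chunk in body.split(delim)[1:]:          # [0] is the preamble
        if chunk.startswith(b"--"):
            break                                 # closing delimiter reached
        head, _, data = chunk.partition(b"\r\n\r\n")
        fn = FILENAME.search(head)
        if fn:                                    # only file parts carry filename=
            parts.append((fn.group(1).decode(errors="replace"),
                          data[:-2] if data.endswith(b"\r\n") else data))
    return parts

def inspect_upload(content_type: str, body: bytes) -> list:
    """Flag file parts a PHP-aware WAF rule would block: executable extension
    anywhere in the name, or PHP source in the body regardless of the name."""
    findings = []
    for filename, payload in parse_multipart(content_type, body):
        exts = {e.lower() for e in filename.split(".")[1:]}
        if exts & EXEC_EXTENSIONS:
            findings.append((filename, "executable extension"))
        if PHP_OPEN_TAG.search(payload):
            findings.append((filename, "php content"))
    return findings

# Constructed sample request: a benign image, then a harmless PHP snippet
# hiding behind an image filename that an extension allowlist would accept.
CT = "multipart/form-data; boundary=----example"
BODY = (
    b"------example\r\n"
    b'Content-Disposition: form-data; name="avatar"; filename="me.png"\r\n'
    b"Content-Type: image/png\r\n\r\n"
    b"\x89PNG\r\n\x1a\n fake-png-bytes\r\n"
    b"------example\r\n"
    b'Content-Disposition: form-data; name="avatar"; filename="avatar.png"\r\n'
    b"Content-Type: image/png\r\n\r\n"
    b"<?php echo 'hello'; ?>\r\n"
    b"------example--\r\n"
)
```

The content check is what catches the second part; an extension-only filter would wave it through, which is the point the post makes about PHP content in the POST body.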
Mentally strong people write their own website using a compiled language.
Upload PHP all you want, but it doesn't execute.
Bro got fancy RCE due to poor memory management
Check our KVM VPS (flags are clickable): 🇵🇱 🇸🇪 | Looking glass: 🇵🇱 🇸🇪
A joke, I know, but I kinda feel that way. 90% of websites would do just fine as static sites on a CDN.
#DeleteWordPress
#DeleteWHMCS
I write articles on parchment and send pages via messenger pigeons upon request.
Still, there's always eagles and raccoons, so no system is 100% hack-proof...
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
no system is 100% hack-proof...
Air gap with an army of mothers-in-law standing guard. Check and mate.
The theme source code is not publicly available, so it's hard for the general public to verify it themselves (which is probably a good thing). There seems to be no CVE tracking this issue, is there?
That said, getting pwned by unrestricted file upload in the [redacted] functionality is an incredibly rookie mistake.
https://lowendtalk.com/discussion/192812/hostus-critical-whmcs-data-breach
Speak of the devil.