

BoxSlots hacked and down




Posted by 0ccul7, 12-15-2011, 04:23 AM
I see that BoxSlots have completely stopped responding after getting hacked twice.

Anyone else here using their services?

Posted by jacksters, 12-15-2011, 04:27 AM
They don't reply to me either, I will miss them.

Posted by TheSimpleHost-Nathan, 12-15-2011, 06:12 AM
Responding as in website response? http://boxslots.com/ is up for me.

Posted by DeltaAnime, 12-15-2011, 06:22 AM
http://twitter.com/#!/BoxSlots/statu...03514184040448

Since they got an odd font colour:

Quote:
Due to the hacking attempt, we have lost all our VPS, but we assure that they will be up and running in 48hrs. So please bear with us.
Francisco

Posted by SceneSRV, 12-15-2011, 07:55 AM
Quote:
Originally Posted by DeltaAnime
http://twitter.com/#!/BoxSlots/statu...03514184040448

Since they got an odd font colour:



Francisco
It's the 3rd time in the last few weeks.

Posted by cd/home, 12-15-2011, 08:58 AM
This WHMCS exploit is causing a lot of pain for many providers.

I think the hackers are searching Google for the term "Powered By WHMCS"

Posted by jj@24khost, 12-15-2011, 09:17 AM
Another reason why total automation is not great: there are always people looking to take it down.

Posted by FinerTech, 12-15-2011, 11:19 AM
Quote:
Originally Posted by sosolabs
Another reason why total automation is not great: there are always people looking to take it down.
That's crazy... I wish them the best of luck. Manual is always better in my eyes.... More secure too.

Best wishes to the clients, and the provider. Hope it wasn't too bad this time and it's able to be recovered and restorable. I did notice their website is now loading for me, and I was able to access the portal and it was going to allow me to order/checkout with a package.

Have any other providers been affected like this?

Posted by bear, 12-15-2011, 11:35 AM
Quote:
Originally Posted by cd/home
This WHMCS exploit is causing a lot of pain for many providers.
Had they not patched? If both are as a result of using WHMCS, one would assume they'd at least patched or upgraded after the first one.

Posted by Simplex-Ed, 12-15-2011, 11:37 AM
Quote:
Originally Posted by cd/home
This WHMCS exploit is causing a lot of pain for many providers.

I think the hackers are searching Google for the term "Powered By WHMCS"
We've noticed people searching for this term:

http://gyazo.com/aa5cb9bcb9f6018bfbbdb449d5c6be6b.png

Posted by Ryanhz, 12-15-2011, 11:58 AM
Never heard of them but hopefully they get their stuff straightened out for the sake of their customers.

Posted by blueriverhost, 12-15-2011, 12:48 PM
This 2011 end has proved an end to many hosting providers.

Posted by 0ccul7, 12-15-2011, 12:56 PM
Well, I guess Server Boost is taking over

Posted by blueriverhost, 12-15-2011, 12:59 PM
I have heard they are offering backups to dedicated while VPS clients have no changes.

Things going the same way as it happened with rapidspeeds.

Posted by sprintserve, 12-15-2011, 01:06 PM
Well there's actually indicators when an attempted hack on WHMCS is underway. If that's the same issue being exploited repeatedly, then it's just being careless. Even if you don't patch, there's workarounds to stop the hacks from working.

Posted by PISG, 12-15-2011, 02:47 PM
Very bad.
Also, someone tried to hack our server.

Daily monitoring ...

Posted by MyITGuy, 12-15-2011, 03:02 PM
Quote:
Originally Posted by cd/home
This WHMCS exploit is causing a lot of pain for many providers.

I think the hackers are searching Google for the term "Powered By WHMCS"
This keyword popped up in my analytics report:
"powered+by+whmcompletesolution+amember"

While my main site uses an unbranded WHMCS, I've completed an acquisition or two where they included or I had temporarily used a branded license.

Posted by Chris-WS, 12-15-2011, 03:16 PM
Quote:
Originally Posted by cd/home
This WHMCS exploit is causing a lot of pain for many providers.

I think the hackers are searching Google for the term "Powered By WHMCS"
Very true, we've received like a hundred tickets with obfuscated JS scripts, thankfully we had already patched our WHMCS, but God!, what a pain! ...

Posted by HostMyApple, 12-15-2011, 04:25 PM
Quote:
Originally Posted by sprintserve
Well there's actually indicators when an attempted hack on WHMCS is underway. If that's the same issue being exploited repeatedly, then it's just being careless. Even if you don't patch, there's workarounds to stop the hacks from working.
Can you elaborate on these workarounds or provide a link?

I'm trying to find additional info on this to prevent these tickets from coming through my system.

Posted by 24x7group, 12-15-2011, 04:35 PM
Boxslots customers are being taken over by Instant Dedicated, which is also using the Global Layer network.
Nothing will change for you as a client - besides the company you are a customer from.
At this moment we will keep on operating under the Boxslots brand name until all clients are moved.

We have already made improvements to make everything more secure and we'll inform you shortly on any further changes.
We would like to thank you for your patience and understanding in this matter

Posted by 0ccul7, 12-16-2011, 05:29 AM
Will the VPS users also be given the service, or only the dedicated server owners?

I would really like to know what is happening

Thanks

Posted by 24x7group, 12-16-2011, 07:57 AM
Most customers are online and safe again. We are working very hard to handle each ticket request as soon as possible.
Customers (VPS, dedicated or shared hosting) who still experience problems are more than happy to create a ticket in the boxslots ticketing system.

Once everything is stable again, we'll be informing each customer with the possibility to be moved over to Instant Dedicated or to find another host. Customers are free to go wherever they want, but we do prefer if they would stay. No servers / services will be terminated until further notice, all remains online whether the service is overdue or not.

I'd like to thank all of the customers for their patience and understanding.

Posted by rustelekom, 12-16-2011, 12:01 PM
Hi all!
BTW. Yesterday just another exploit was published for WHMCS. At the time when it was published no patch was provided: http://www.securityfocus.com/bid/50547/exploit

Posted by Chris-WS, 12-16-2011, 12:07 PM
You are supposed to block access to your template files:

<Files ~ "\.tpl$">
Order allow,deny
Deny from all
</Files>

Posted by bear, 12-16-2011, 12:16 PM
Quote:
Originally Posted by rustelekom
BTW. Yesterday just another exploit was published for WHMCS.
November 7th is not "yesterday".
Published: Nov 07 2011 12:00AM
Updated: Dec 15 2011 07:38PM
Credit: ZxH-Labs
Vulnerable: WHMCS WHMCS 3.7.1
WHMCS WHMCS 4.2

Posted by sprintserve, 12-16-2011, 01:02 PM
Quote:
Originally Posted by rustelekom
Hi all!
BTW. Yesterday just another exploit was published for WHMCS. At the time when it was published no patch was provided: http://www.securityfocus.com/bid/50547/exploit
This issue has been around for a long time. One of our clients had this attempted on them a few months back. However this can easily be blocked by mod_security and should have been by default, as any attempt to traverse the directory path is always going to be most likely a hack, even for other scripts.
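
An added example, not part of the thread or of WHMCS: a Python access-log check for the two indicators discussed here, directory traversal attempts (including double-encoded ones) and direct requests for .tpl files, where a 2xx answer means the deny rule posted by Chris-WS is not in effect. The log lines, paths and parameter name are constructed for illustration and are not the actual exploit request.

```python
import re
from urllib.parse import unquote

# Combined Log Format prefix: client ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# ".." used as a whole path segment or parameter value, with / or \ separators
TRAVERSAL_RE = re.compile(r'(^|[\\/=])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding, e.g. %252e -> %2e -> '.'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client, finding) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    client, target, status = m.groups()
    if TRAVERSAL_RE.search(fully_decode(target)):
        return (client, "traversal-attempt")
    # Look only at the path (before '?') when checking the file extension.
    path = fully_decode(target.partition("?")[0]).lower()
    if path.endswith(".tpl"):
        # 2xx: the template was served, so the deny rule is missing.
        verdict = "tpl-exposed" if status.startswith("2") else "tpl-blocked"
        return (client, verdict)
    return None

def scan(lines):
    return [f for f in map(classify, lines) if f is not None]

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2011:04:23:01 +0000] "GET /billing/cart.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Dec/2011:04:25:13 +0000] "GET /billing/view.php?file=%252e%252e%252f%252e%252e%252fsecret.txt HTTP/1.1" 404 310',
    '203.0.113.5 - - [15/Dec/2011:04:26:40 +0000] "GET /billing/templates/default/header.tpl HTTP/1.1" 200 2048',
    '203.0.113.5 - - [15/Dec/2011:04:26:41 +0000] "GET /billing/templates/default/footer.tpl HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "tpl-exposed" finding is the one to act on first: it means template files are being served directly, regardless of whether anyone has tried to abuse them yet.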

Posted by WHMCS-Matt, 12-16-2011, 01:21 PM
Quote:
Originally Posted by rustelekom
BTW. Yesterday just another exploit was published for WHMCS. At the time when it was published no patch was provided: http://www.securityfocus.com/bid/50547/exploit
This was first reported and patched over 2 months ago, long before it was published at the link you've posted here, so a patch was provided, and well in advance of that posting. These "security sites" unfortunately do not verify or ensure the listings on their site are up-to-date or correct.

Posted by vectro, 12-16-2011, 10:54 PM
The patch: http://forum.whmcs.com/showthread.php?t=43462

Quote:
Originally Posted by cd/home
This WHMCS exploit is causing a lot of pain for many providers.

I think the hackers are searching Google for the term "Powered By WHMCS"
I was wondering about that. I patched immediately.

Quote:
Originally Posted by sprintserve
Well there's actually indicators when an attempted hack on WHMCS is underway.
I had two people try to inject code into the ticket system, but after I had installed the patch.

Quote:
Originally Posted by sprintserve
this can easily be blocked by mod_security
That's how I found this thread: searching for mod_security stuff, I learned in another thread that the default rules in cPanel can block raw code injections, so I see what you mean. I will be testing that next.

Posted by M Bacon, 12-17-2011, 03:47 AM
Always check your emails so that you can update your software and so that you can get abuse & dmca notices. You don't want your services to go down unexpectedly.

Posted by rustelekom, 12-17-2011, 07:40 AM
Hm, sorry for that. We do not use WHMCS but some of our clients use it. It seems I was confused with the update date:

Bugtraq ID: 50547
Class: Input Validation Error
CVE: CVE-2011-4810
Remote: Yes
Local: No
Published: Nov 07 2011 12:00AM
Updated: Dec 15 2011 07:38PM
Credit: ZxH-Labs
Vulnerable: WHMCS WHMCS 3.7.1
WHMCS WHMCS 4.2

Posted by sprintserve, 12-17-2011, 07:45 AM
Quote:
Originally Posted by HostMyApple
Can you elaborate on these workaround or provide a link?

I'm trying to find additional info on this to prevent these tickets from coming through my system.
Chris above mentioned one possible solution. Another thing you could do is to disable the PHP engine in the template directories.

Patching is of course recommended if you can do it, and it doesn't take much time. But by default, the above workaround should be put in anyway just to be on the safe side.

Posted by SafeSrv, 12-17-2011, 08:18 AM
Quote:
Originally Posted by rustelekom
Hm, sorry for that. We do not use WHMCS but some of our clients use it. It seems I was confused with the update date:

Bugtraq ID: 50547
Class: Input Validation Error
CVE: CVE-2011-4810
Remote: Yes
Local: No
Published: Nov 07 2011 12:00AM
Updated: Dec 15 2011 07:38PM
Credit: ZxH-Labs
Vulnerable: WHMCS WHMCS 3.7.1
WHMCS WHMCS 4.2
They're very slow at updating things

Posted by NodeGurus, 12-19-2011, 11:52 AM
It seems that serverboost (instantdedicated) have taken over the remains of boxslots now. Shame to see these guys & rapidspeeds go down, weirdly both hosts were linked once in the past..

Hopefully boxslots clients will receive the support they deserve


