WHMCS is a well-known billing and tech support supplier for customers which is based in UK. It has been targeted in the past with DDoS attacks, blocking access to its website. Now, yet another DDoS attack has been launched soon after the company applied a security patch to its system.
According to WHMCS, it was recently made aware by an inside source that a hacker had found a vulnerability in WHMCS’ system and was now selling this vulnerability online. It was being offered for $6,000 to at most three hackers in an underground hacking forum.
The vulnerability apparently made use of a zero-day blind SQL injection which could put WHMCS’s clients, who make use of its technology, at risk. Naturally, WHMCS was quick to apply a security patch to its system to avoid this potential exploit.
According to a notice issued by the company, “Within the past few hours, an ethical programmer disclosed to us details of an SQL Injection Vulnerability present in current WHMCS releases. The potential of this is lessened if you have followed the further security steps, but not entirely avoided. And so we are releasing an immediate patch before the details become widely known. Installing the patch is simply a case of uploading a single file to your root WHMCS directory. This one file works for all WHMCS versions V4.0 or Later.”
Apparently, the patch has vexed the hacker or hackers who have been planning to sell the security vulnerability in the system. And as it to protest that, a DDoS attack has been launched against the website so that it can not be accessed from Spain and numerous other regions. The DDoS attack has bee confirmed by WHMCS on its Twitter profile.
Link to The Patch: http://go.whmcs.com/26/secpatch
Courtesy: The Register