admin
11-02-2013, بتوقيت غرينيتش 12:58 AM
بسم الله الرحمن الرحيم
اليوم أرسل لي Matt مدير فريق البرمجة في السكريبت script المشهور لإدارة مواقع الإستضافه
WHMCS
رسالة محتواها التالي :
رمز PHP:
<code style="white-space:nowrap"> <code> Dear WHMCS User,
It has been brought to our attention that at some time during the days following the recent release of WHMCS V3.5.1, an unauthorised user managed to gain access to our server through an Apache exploit and was able to add a number of files into the WHMCS V3.5.1 Full Version download available from our client area. The files added were shell scripts which could potentially be used to exploit the server should the functions used not be blocked.
There is a chance that you may have downloaded V3.5.1 at the time when the files were present and so may have inadvertently uploaded them to your server. As a precaution we are asking all customers to check for, and remove, the following files if they are found to be present in your WHMCS folders:
admin/editor/plugins/advlink/langs/eng.php
admin/editor/plugins/insertdatetime/editor_plugin.php
admin/editor/plugins/zoom/editor_plugin.php
modules/reports/server_revenue_tasks.php
modules/servers/interworx/interworx_data.php
NOTE: If you used our professional upgrade or installation services to have WHMCS installed or upgraded by us then you will NOT have been affected.
We have taken action to ensure a breach like this does not occur again and apologize for any inconvenience caused. We would also like to point out that this was not a security problem with WHMCS. I would ask that if you have any concerns or questions, please email support@whmcs.com
Regards,
Matt
Founder / Developer
WHMCS Ltd
www.whmcs.com
</code> </code>
وطبعا كما هو واضح فالموضوع يتكلم علي مستخدمي الإصدار الجديد والمذكور أعلاه 3.5.1 حيث انه في فترة طرح هذا الإصدار تم إختراق سيرفر SERVERات الشركة وتم زرع ملفات خبيثة (شيلات) في ملفات النسخة وعليه يجب علي مستخدمي السكريبت script التأكد من الملفات المذكورة أعلاه في حال كونها موجوده ام لا لضمان أمن وسرية مواقعهم وتعاملاتهم بإذن الله
حبيت احذر وانبه http://www.dzbatna.com/images/smilies/cupidarrow.gif
والسلام خير ختام
https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-ash4/482113_236967293114455_1193518507_n.png (http://www.dzbatna.com)
©المشاركات المنشورة تعبر عن وجهة نظر صاحبها فقط، ولا تُعبّر بأي شكل من الأشكال عن وجهة نظر إدارة المنتدى (http://www.dzbatna.com)©
اليوم أرسل لي Matt مدير فريق البرمجة في السكريبت script المشهور لإدارة مواقع الإستضافه
WHMCS
رسالة محتواها التالي :
رمز PHP:
<code style="white-space:nowrap"> <code> Dear WHMCS User,
It has been brought to our attention that at some time during the days following the recent release of WHMCS V3.5.1, an unauthorised user managed to gain access to our server through an Apache exploit and was able to add a number of files into the WHMCS V3.5.1 Full Version download available from our client area. The files added were shell scripts which could potentially be used to exploit the server should the functions used not be blocked.
There is a chance that you may have downloaded V3.5.1 at the time when the files were present and so may have inadvertently uploaded them to your server. As a precaution we are asking all customers to check for, and remove, the following files if they are found to be present in your WHMCS folders:
admin/editor/plugins/advlink/langs/eng.php
admin/editor/plugins/insertdatetime/editor_plugin.php
admin/editor/plugins/zoom/editor_plugin.php
modules/reports/server_revenue_tasks.php
modules/servers/interworx/interworx_data.php
NOTE: If you used our professional upgrade or installation services to have WHMCS installed or upgraded by us then you will NOT have been affected.
We have taken action to ensure a breach like this does not occur again and apologize for any inconvenience caused. We would also like to point out that this was not a security problem with WHMCS. I would ask that if you have any concerns or questions, please email support@whmcs.com
Regards,
Matt
Founder / Developer
WHMCS Ltd
www.whmcs.com
</code> </code>
وطبعا كما هو واضح فالموضوع يتكلم علي مستخدمي الإصدار الجديد والمذكور أعلاه 3.5.1 حيث انه في فترة طرح هذا الإصدار تم إختراق سيرفر SERVERات الشركة وتم زرع ملفات خبيثة (شيلات) في ملفات النسخة وعليه يجب علي مستخدمي السكريبت script التأكد من الملفات المذكورة أعلاه في حال كونها موجوده ام لا لضمان أمن وسرية مواقعهم وتعاملاتهم بإذن الله
حبيت احذر وانبه http://www.dzbatna.com/images/smilies/cupidarrow.gif
والسلام خير ختام
https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-ash4/482113_236967293114455_1193518507_n.png (http://www.dzbatna.com)
©المشاركات المنشورة تعبر عن وجهة نظر صاحبها فقط، ولا تُعبّر بأي شكل من الأشكال عن وجهة نظر إدارة المنتدى (http://www.dzbatna.com)©
