A few days ago, LowEndTalk member @loay shared a communication from community provider OuiHeberg that their client area had been breached. They run WHMCS and use both Proxmox and Virtualizor for their virtualization management.
OuiHeberg noticed the breach and took all the sensible measures – forcing password resets, migrating some customers to fresh servers, notifying authorities, and communicating with their users. So kudos to OuiHeberg for handling the situation properly and being transparent. They noted that their Virtualizor infrastructure (about 25% of their fleet) “shows a much higher level of compromise” and that Virtualizor is “now considered to be the entry point of the attack”.
But then the drama started.
On November 13, @virtualizor commented:
We would just like to add that this security breach is not caused by Virtualizor as per the details shared by the Ouiheberg team.
Our internal teams have successfully reproduced the attack by executing a payload via their WHMCS add-on in communication with their API. Virtualizor denies this attack vector and has asked us to deny it as well to avoid “damaging” their brand image. The result is that the attacker did indeed go through Virtualizor via the WHMCS add-on.
And then today:
We will communicate exactly how to exploit the vulnerability to Virtualizor in a video so that they can ‘try’ to patch this type of attack.
Wow! Stay tuned, loyal readers, because this is about to get very interesting.























