danblee.com

Tutorials & Knowledge Base Articles for System Administrators who wear many, many hats.

The Value of Updating WHMCS

October 23, 2014 by Dan B. Lee

Are you using the latest release of WHMCS? Whether you’re a hobby host just doing website hosting for extra coin or you’re heavily invested in WHMCS to operate the core of your business, you should be.

Just like Microsoft updates nowadays, WHMCS updates have less to do with features and UI changes and more to do with patching security holes. Almost all WHMCS releases are related to taking care of exposed security issues. Updates and security are such a big issue that WHMCS has a special blog section for Security Advisories, where users can stay up to date on widely publicized threats, such as the internet-famous Heartbleed bug, as well as get a monthly overview of how things are doing with the latest Patch Releases.

Why Updates Are Necessary

Updating WHMCS, much like updating any other system or application, is a “never look back” way of protecting your environment. Once updates are done, the security flaws they take care of are gone for good. Naturally, more security threats will arise in the future, but it’s nice to know that you’re protected from older issues that were discovered years back. Attackers use automated systems to crawl the web looking for access to your app. This could be as easy as making login attempts at your login page, or as sophisticated as creating accounts within your system and attempting to bend the app to their will once logged in. Once the links to your system are found, your app or software is on the “grid” for attackers. This means old and current attacks will occur, and you can bet future attacks will happen as well.

Just because your system is updated does not mean outdated attacks will not occur. For example, our WHMCS install was hit with an AES_Encrypt attempt just a few days ago, an issue that was patched back in 2013. Nonetheless, had our system not been updated, we would have been compromised. This account was immediately deleted.
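A sweep for this kind of attempt can be run over an export of the client list. The script below is an added example, not code from the original post or from WHMCS; the CSV column names and the sample rows are constructed assumptions. It flags any sign-up field that contains AES_ENCRYPT/AES_DECRYPT call syntax, even when the call is padded with whitespace or inline SQL comments.

```python
import csv
import io
import re

# Fields a visitor controls at sign-up (hypothetical export column names).
PROFILE_FIELDS = ("firstname", "lastname", "companyname", "address1", "city")

# SQL function-call syntax has no business in a name or address field.
# Inline comments are removed and whitespace collapsed before matching,
# so "aes_encrypt/**/ (" is still caught.
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
MARKER = re.compile(r"\baes_(?:en|de)crypt\s*\(", re.I)


def normalize(value):
    """Remove inline SQL comments and collapse runs of whitespace."""
    return re.sub(r"\s+", " ", SQL_COMMENT.sub("", value))


def scan_clients(csv_text):
    """Return [(client_id, field)] for every profile field carrying the marker."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for field in PROFILE_FIELDS:
            if MARKER.search(normalize(row.get(field) or "")):
                findings.append((row["id"], field))
    return findings


# Constructed sample export; no real client data.
SAMPLE = """id,firstname,lastname,companyname,address1,city
101,Ana,Ruiz,Ruiz Hosting,12 Main St,Austin
102,"AES_ENCRYPT('x','y')",Test,,1 Test Rd,Nowhere
103,Bo,Chen,"Encrypt (AES) Ltd",9 Oak Ave,Denver
104,Cy,"aes_encrypt/**/ ('x','y')",,2 Elm St,Boise
"""

if __name__ == "__main__":
    for client_id, field in scan_clients(SAMPLE):
        print(f"client {client_id}: SQL function syntax in '{field}'")
```

A hit on a fully patched install means an attempt was made, not that it worked; it is a cue to review and remove the account.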

Which Security Updates are Important?

Well, all of them, but if you want a real breakdown, you can determine the severity based on the importance level WHMCS assigns. Here’s what WHMCS says about its levels.

Critical

A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution, with no user interaction required. These would allow complete system compromise and can easily be exploited by automated scripts such as worms.

Important

An important rating applies to vulnerabilities that allow system authentication levels to be compromised. These include allowing local users to elevate their privilege levels, unauthenticated remote users to see resources that should require authentication to view, the execution of arbitrary code by remote users, or any local or remote attack that could result in a denial of service.

Moderate

A moderate rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system. These usually require that a flawed or unlikely configuration of the system be in place, and only occur in rare situations.

Trivial

A trivial rating applies to vulnerabilities that do not fit into the higher categories. These vulnerabilities occur in very unlikely situations and configurations, often requiring extremely tight timing of execution and/or for events to occur that are out of the attacker’s control. This rating may also be given to vulnerabilities that, even if successful, impose few or no consequences on the system.

Filed Under: Web Hosting, WHMCS Tagged With: Patches, Security, Updates, web hosting, WHM, whmcs

Dan Lee

Dan B. Lee works at SyApps, LLC., a Managed Hosting Solutions Firm, as a Senior Network Engineer. Dan has a decade of IT experience and specializes in a number of different disciplines including Virtualization, Web Site Hosting and Design, Network Security, Data Center Architecture, Local and Remote Server Hosting, and Backup & DRS Solutions.
