WHMCS Security Release 4.5.6 and 5.2.6 Update

whmcs logoWHMCS has released new patches for the 4.5, 5.0, 5.1, and 5.2 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.

WHMCS has rated these updates as including critical or important security impacts.

Releases
The following full-release versions of WHMCS have been published and address all known vulnerabilities:
5.2.6

The latest public releases of WHMCS are available inside members area at WHMCS.

WHMCS has been updated to 5.2.6 in Softaculous as well. If you have Softaculous installed on your server you can upgrade to the latest version of WHMCS via Softaculous.

PLEASE NOTE: The 4.5 series reached End Of Life as of June 30th 2013. WHMCS is aware that some customers have not moved to an LTS version due to the newness of the LTS policy. The related 4.5 patch release published along with this Security Advisory is provided as a courtesy to those customers. From this point forward, there will be no more patches provided for 4.5 or any other release that has reached EOL.

There is no reason to believe that these vulnerabilities are known to the public. As such, WHMCS will only release limited information regarding the vulnerabilities at this time.

Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issue.

These Targeted Security Releases and Patches address 9 vulnerabilities in WHMCS versions 4.5, 5.0, .5.1, and 5.2.

Source : http://www.whmcs.com

Entire Server Migration

To take backup for entire server:
===============================
To take username alone
# cat /etc/trueuserdomains | awk ‘{print$2}’ >> /home/test  —-to take username
pkgacct:
# for i in `cat 1.txt`;do /scripts/pkgacct $i; mv /home/cpmove-$i.tar.gz /home/Migration/;done    (first create a folder as migration first, then run the cmd)
here 1.txt is a file name…you can replace it by file.txt bt the line should be cat file.txt
SCP:
# scp -rp * destination location (it will migrate whole account in this server)
then restore using the below script
Restore
for x in $(cat 1.txt); do /scripts/restorepkg /home/cpmove-$x.tar.gz; done;  (if it is tar.gz format)
for x in $(cat 1.txt); do /scripts/restorepkg /home/$x.tar; done; (if it is tar format)
cat1.txt should contain all the accounts username which you want to restore (just the name of the user)
 To delete the acct
  for i in `cat delete`; do yes |/scripts/killacct $i;sleep 1; done;
for i in `cat 1.txt`;do /scripts/pkgacct $i; mv /home/cpmove-$i.tar.gz /home/Migration/;done
for i in `cat znteccn.txt`;do /scripts/pkgacct $i; mv /home/cpmove-$i.tar.gz /home/Migration/;done
for x in $(cat 1.txt); do /scripts/restorepkg /home/cpmove-$x.tar.gz; done;
for i in `cat /etc/trueuserdomains | awk ‘{print $2}’`; do /scripts/pkgacct $i; done
for i in `cat text`;do /scripts/pkgacct $i;done

How to monitor and Deal with Spamming ?

It is difficult to track nobody spammers from exim_mainlog file. You can’t get exactly that who is using your server to send spams. If you check php.ini file you will see that the mail service is set to /usr/sbin/sendmail and almost all mail scripts are in use the built in mail(); function for PHP.It means that everything is going through /usr/sbin/sendmail.

We will try to get these users in your Linux Servers.

1. Login to server as root.

2. For safe side turn off exim.

[root@server~]#/etc/init.d/exim stop

3. Backup /usr/sbin/sendmail file. [Your server is using Exim as MTA (Mail Transfer Agent), Exim will use sendfile for just a pointer actually].

[root@server~]#mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden

4. Now we will create a spam monitoring script for the new sendmail programme.

[root@server~]#pico /usr/sbin/sendmail

Paste in the following:

#!/usr/local/bin/perl
# use strict;
use Env;
my $date = `date`;
chomp $date;
open (INFO, “>>/var/log/spam_log”) || die “Failed to open file ::$!”;
my $uid = $>;
my @info = getpwuid($uid);
if($REMOTE_ADDR) {
print INFO “$date – $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME n”;
}
else {
print INFO “$date – $PWD – @infon”;
}
my $mailprog = ‘/usr/sbin/sendmail.hidden’;
foreach (@ARGV) {
$arg=”$arg” . ” $_”;
}
open (MAIL,”|$mailprog $arg”) || die “cannot open $mailprog: $!n”;
while (<STDIN> ) {
print MAIL;
}
close (INFO);
close (MAIL);

5. Change the permissions new sendmail.

[root@server~]#chmod +x /usr/sbin/sendmail

6. New log file to save history which using web mail scripts.

[root@server~]#touch /var/log/spam_log

[root@server~]#chmod 0777 /var/log/spam_log

7. Start Exim.

[root@server~]#/etc/init.d/exim start

8. Now try any formmail script or any mail script which uses mail function and monitor new log file (spam_log)

[root@server~]#tail – f /var/log/spam_log

It should give us output like this:

Mon Nov 15 11:00:00 EST 2008 – /home/username/public_html/directory/subdirectory/subsubdirectory – nobody x 99 99 Nobody / /sbin/nologin

9. Log Rotation: This file is not set to be rotated file so there is a possibility that the file comes very large soon in size. So do this,

[root@server~]#pico /etc/logrotate.conf

Find >>

# no packages own wtmp — we’ll rotate them here

/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

Add >>

# SPAM LOG rotation

/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}

10. We will set attributes for new sendmail programme file so it will not get overwritten.

[root@server~]#chattr + i /usr/sbin/sendmail

Now we can get nobody spam users, Goodluck.

How to disable Root Login in cpanel server?

As you dig deeper into server administration, you’ll eventually need to log into your server via SSH as root. Logging into your server as root allows you to easily accomplish many tasks, but it demands a certain level of security precaution.

SSH root logins offer a huge potential security vulnerability. The root user is the administrative user of a server and has full access to the server. If compromised, the root account provides the malicious user with complete control. Anyone logged into a server with root access can write, erase, edit, upload or download any file. It is an all-access pass to your server, and simply guarding your root password isn’t enough to protect yourself.

Disabling SSH root logins

Because of the security risks inherent in direct SSH root access, nearly all VPS packages, including ServInt VPS and Flex dedicated accounts, will be delivered with direct root access disabled by default. If, for some reason, this is not done by your host, you will need to do disable it from the command line in /etc/ssh/sshd_config. Ask your host for more details before editing this file.

Configuring SSH root escalation for cPanel users

Configuring SSH root escalation for a user in cPanel can be accomplished for any server with SSH access by simply adding that cPanel account to the Wheel Group. To do so:

Log into WHM
Navigate to Security Center » Manage Wheel Group Users
Choose the cPanel user and then click Add to Group.
Once done, you will need to restart the SSH from WHM via Restart Services » SSH Server (OpenSSH).

Configuring SSH root escalation for non-cPanel users

To configure SSH root escalation for a non cPanel user, you will need to add that user to the wheel group in WHM (above) and then complete one other step: editing the password file of your server.

Log into the server with root access
Open the password file (located in /etc/passwd)

Note: if you do not know how to open and edit a file directly on the command line, you can learn how to use an editor such as nano.

Each line of the file is for one user. Locate the user you are granting access to and edit the text of that line changing /bin/false to /bin/bash.
Restart the SSH service, either through WHM as outlined previously or using the command “sshd restart”.

Escalating to root as a superuser

With these steps complete, the user can now escalate to root when logged into the server via SSH with their standard credentials. Once logged into the server via SSH, the user simply types the command “su” (superuser) and hits Return. The user will be prompted for the root password and when entered correctly will become the root user.