Category Archives: Security Advisory

Billing Area Maintenance

WHMCS has released a patch for this security exploit and we are now back online.

http://blog.whmcs.com/?t=80223

= = = = =

After discovering a major security exploit in out billing software – WHMCS – we have decided to completely shut down our billing area and remove it from the publicly accessible Internet. Thousands of WHMCS users are affected by this vulnerability, including nearly every Minecraft server host. If you are running WHMCS, shut it down immediately; maintenance mode may not be enough, we suggest moving it to a completely private directory on your server. This post will be updated with more information as it becomes available.

The following services are unavailable: Billing area (new orders, invoices, support tickets, service list, etc.)

Your Minecraft server will continue to run smoothly and no Multicraft control panels are affected. No cPanel control panels (web hosting) are affected. No TCAdmin control panels (voice servers) are affected.

If you need support for any CubedHost service, please contact us on live chat.

Minecraft Security Advisory – Authentication Exploit

The following has been emailed to all active and/or suspended CubedHost Minecraft customers.

** Please note ** Absolutely NO CubedHost services have been compromised. This is a general Minecraft security advisory.

We have recently become aware of a (working) exploit for the Minecraft protocol, that is a high risk to any server that is in online-mode and using an older CraftBukkit / Spigot build, or vanilla Minecraft.
This security exploit essentially allows for any user to authenticate as any player on your server. We have tested this exploit, and it does indeed work, making this a fairly high security risk.

Further details can be found via Reddit, Planet Minecraft, etc.

We recommend that you update to the latest version of CraftBukkit / Spigot immediately.
As far as we’re currently aware, there is no fix with the Vanilla Minecraft server as of yet.

To update your server, please follow this knowledgebase article.