The Cloudflare Blog

Subscribe to receive notifications of new posts:

Patching a WHMCS zero day on day zero

2013-10-03

Dane Knecht

1 min read

A critical zero-day vulnerability was published today affecting any hosting provider using WHMCS. As part of building a safer web, CloudFlare has added a ruleset to our Web Application Firewall (WAF) to block the published attack vector. Hosting partners running their WHMCS behind CloudFlare's WAF can enable the WHMCS Ruleset and implement best practices to be fully protected from the attack.

Our friends at WHMCS quickly published a patch here: blog.whmcs.com/?t=79427

CloudFlare recommends applying the patch for your current version of WHMCS or updating WHMCS to version 5.2.8 to close this vulnerability.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Vulnerabilities DDoS WAF

Follow on X

Dane Knecht|@dok2001

Cloudflare|@cloudflare

October 23, 2024 1:05 PM

4.2 Tbps of bad packets and a whole lot more: Cloudflare's Q3 DDoS report

The number of DDoS attacks spiked in the third quarter of 2024. Cloudflare mitigated nearly 6 million DDoS attacks, representing a 49% increase QoQ and 55% increase YoY....

Omer Yoachimik,
Jorge Pacheco

DDoS Reports, DDoS, Advanced DDoS, Cloudflare Radar, Attacks

October 23, 2024 1:00 PM

Training a million models per day to save customers of all sizes from DDoS attacks

In this post we will describe how we use anomaly detection to watch for novel DDoS attacks. We’ll provide an overview of how we build models which flag unusual traffic and keep our customers safe....

Nick Wood,
Manish Arora

DDoS, Deep Dive, Machine Learning

October 02, 2024 1:00 PM

How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack

Over the past couple of weeks, Cloudflare's DDoS protection systems have automatically and successfully mitigated multiple hyper-volumetric L3/4 DDoS attacks exceeding 3 billion packets per second (Bpps). Our systems also automatically mitigated multiple attacks exceeding 3 terabits per second (Tbps), with the largest ones exceeding 3.65 Tbps. The scale of these attacks is unprecedented....

DDoS, Attacks, Trends, Security

September 11, 2024 4:00 PM

How the Harris-Trump US presidential debate influenced Internet traffic

See how the first 2024 US presidential debate between Kamala Harris and Donald Trump influenced Internet traffic patterns compared to the Biden-Trump debate. We also review email trends and observed attack activity....

João Tomé

Cloudflare Radar, Internet Traffic, Elections, Election Security, Trends, Insights, DDoS, USA