The Cloudflare Blog

Subscribe to receive notifications of new posts:

Patching a WHMCS zero day on day zero

2013-10-03

Dane Knecht

1 min read

A critical zero-day vulnerability was published today affecting any hosting provider using WHMCS. As part of building a safer web, CloudFlare has added a ruleset to our Web Application Firewall (WAF) to block the published attack vector. Hosting partners running their WHMCS behind CloudFlare's WAF can enable the WHMCS Ruleset and implement best practices to be fully protected from the attack.

Our friends at WHMCS quickly published a patch here: blog.whmcs.com/?t=79427

CloudFlare recommends applying the patch for your current version of WHMCS or updating WHMCS to version 5.2.8 to close this vulnerability.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Vulnerabilities DDoS WAF

Follow on X

Dane Knecht|@dok2001

Cloudflare|@cloudflare

November 20, 2024 10:00 PM

Bigger and badder: how DDoS attack sizes have evolved over the last decade

If we plot the metrics associated with large DDoS attacks observed in the last 10 years, does it show a straight, steady increase in an exponential curve that keeps becoming steeper, or is it closer to a linear growth? Our analysis found the growth is not linear but rather is exponential, with the slope varying depending on the metric (rps, pps or bps). ...

José Salvador

DDoS, Attacks, Trends

November 06, 2024 8:00 AM

Exploring Internet traffic shifts and cyber attacks during the 2024 US election

Election Day 2024 in the US saw a surge in cyber activity. Cloudflare blocked several DDoS attacks on political and election sites, ensuring no impact. In this post, we analyze these attacks, as well Internet traffic increases across the US and other key trends....

Cloudflare Radar, Elections, Athenian Project, Trends, DDoS, Cloudflare for Campaigns, Internet Traffic, Election Security

October 23, 2024 1:05 PM

4.2 Tbps of bad packets and a whole lot more: Cloudflare's Q3 DDoS report

The number of DDoS attacks spiked in the third quarter of 2024. Cloudflare mitigated nearly 6 million DDoS attacks, representing a 49% increase QoQ and 55% increase YoY....

Omer Yoachimik,
Jorge Pacheco

DDoS Reports, DDoS, Advanced DDoS, Cloudflare Radar, Attacks

October 23, 2024 1:00 PM

Training a million models per day to save customers of all sizes from DDoS attacks

In this post we will describe how we use anomaly detection to watch for novel DDoS attacks. We’ll provide an overview of how we build models which flag unusual traffic and keep our customers safe....

Nick Wood,
Manish Arora

DDoS, Deep Dive, Machine Learning