u/twhiting9275

▲ 8 r/WHMCS

Important WHMCS Security Release Scheduled for May 13

Just got this email today

>Hello Tom,

>Tomorrow, May 13, 2026, we will be releasing an important maintenance update for the WHMCS 9.0 and 8.13 series. This release addresses a security vulnerability (CVE-2026-29204) which has been identified in WHMCS 7.4 and later.

>Recommended versions with required updates are WHMCS 9.0.4 and WHMCS 8.13.3 - and will be available at 19:00 PM GMT, Wednesday, May 13, 2026.

>Please note:

>This update is only available for supported WHMCS versions.

>WHMCS customers should update to one of the following versions: 9.0.4 or 8.13.3.

>We strongly recommend that all WHMCS customers prepare to update to the latest available version for their release series as soon as it becomes available.

>Prepare to Update Your WHMCS Installation:

>Self-managed WHMCS installations should be ready to update promptly once the release is available. You can update your installation using the Automatic Updater within the WHMCS admin area: Utilities > Update WHMCS.

>For those who prefer to perform updates manually, full release packages and incremental update files will be available via the WHMCS download page once the release is published.

>As always, please ensure you take a full backup of your system before performing any update.

>WHMCS Cloud Customers

>If you are using WHMCS Cloud, no action is required on your part. Your WHMCS Cloud instance is managed by WHMCS and WebPros Cloud as part of our hosted service and platform maintenance commitments. Updates are managed for you.

>Thank you for your continued support and for being part of the WHMCS community.

If you haven't already, make sure your WHMCS install is secure. There are many ways to do this. Just make sure you're NOT using an EOL version (8.0.x and earlier)!!!

u/twhiting9275 — 1 day ago
▲ 30 r/Contabo+3 crossposts

Heads up! Yet ANOTHER vulnerability (Dirtyfrag)

Fucking hell, this week has been brutal

As of now, there's NO patch for kernels right now, but a one line fix

The vulnerability:
V4bel/dirtyfrag

The fix (as root)

```
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
```

reboot

Patch your shit

u/twhiting9275 — 6 days ago
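An added example for the Dirtyfrag post above (not part of the original post): a check that the module block written by the one-liner is actually in effect, since an `install ... /bin/false` line only stops future loads and does nothing for a module that is still loaded or compiled into the kernel. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the module block from the post. Paths default to the
# live system; pass other paths to check a constructed copy.
MODS="esp4 esp6 rxrpc"

# 0 if a *.conf file in DIR ($2) has "install MOD /bin/false" for MOD ($1)
is_blocked() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/false[[:space:]]*\$" "$2"/*.conf
}

# 0 if MOD ($1) is listed in a /proc/modules-format file ($2)
is_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "$2" 2>/dev/null
}

# 0 if MOD ($1) is compiled into the kernel per a modules.builtin file ($2);
# modprobe.d install lines have no effect on built-in code
is_builtin() {
    grep -Eqs "/$1\.ko\$" "$2"
}

# audit_modules [CONF_DIR] [PROC_MODULES] [MODULES_BUILTIN]
# Prints one line per module; returns 0 only if all are blocked and unloaded.
audit_modules() {
    conf=${1:-/etc/modprobe.d}
    loaded=${2:-/proc/modules}
    builtin_list=${3:-/lib/modules/$(uname -r)/modules.builtin}
    rc=0
    for m in $MODS; do
        if is_builtin "$m" "$builtin_list"; then
            echo "FAIL $m: built into this kernel, modprobe.d cannot block it"; rc=1
        elif ! is_blocked "$m" "$conf"; then
            echo "FAIL $m: no 'install $m /bin/false' line in $conf"; rc=1
        elif is_loaded "$m" "$loaded"; then
            echo "FAIL $m: blocked for new loads but still loaded"; rc=1
        else
            echo "OK   $m: blocked and not loaded"
        fi
    done
    return $rc
}

# Constructed sample: the config the one-liner writes, with rxrpc still loaded.
make_sample() {
    mkdir -p "$1/modprobe.d"
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > "$1/modprobe.d/dirtyfrag.conf"
    printf 'rxrpc 454656 0 - Live 0x0000000000000000\nxfs 1138688 1 - Live 0x0000000000000000\n' > "$1/modules"
    printf 'kernel/crypto/sha256_generic.ko\n' > "$1/modules.builtin"
}
```

Source the file and call `audit_modules` with no arguments to check the running host; a non-zero return means at least one of the three modules is not fully blocked.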

Given the recent vulnerabilities and hacks involving both cPanel and the Linux kernel itself (meaning your own account may be compromised, even if you're not on cPanel), it's time to take an honest look at your backup strategy, and make sure you're following proper backup policies. As someone who's been around the block a decade or three, I can guarantee you, your host does not implement these fully. Relying on them to 'do the right thing' is just waiting for disaster to happen (as many are now finding out, or will shortly)

Proper backup policies

#1: YOU are responsible for your own data, ultimately. Not your host. Not your server provider... YOU. Even if you pay that host/provider extra to handle backups (stupid choice, honestly), it's ultimately your responsibility to ensure your data is safely backed up. This involves multiple copies (will get into that later), and verification

#2: Your server/dc is not an appropriate place for backups. There are just so many things that can go wrong with doing this, but at the end of the day, your server/dc is not an appropriate place to store your backups

#3: ONE backup is not enough. I'm not talking about 'multiple days'. I'm talking about actual backups. You should be storing data in multiple places. For example, cloud, a remote storage location (interserver is cheap AF for storage, and no I'm not affiliated with them), even a dedicated backup drive locally. Always, always, always have multiple locations

#4: Frequency matters. You should be backing up those SQL databases (use export, don't simply compress the directory) every few hours. Personally, I run an SQL backup script every 6. Mail servers should be backed up to a secondary server ready to spin in the blink of an eye if something happens. Websites should be backed up daily, weekly, monthly

#5: Incremental is bad. Compress those backups (zip, tar, etc), store them, but trying to do an incremental backup is just a bad idea. It leads to far more issues than expected

#6: VERIFY BACKUPS. This is one of the most key things in this. You cannot just assume your backup policies are working. You must verify them. Not just once, but, periodically.

#7: Verify restoration works. Yes, verifying those backups partially does this, but, and I can't stress this enough, you NEED to verify that the restoration works. I can't tell you how many times I've dealt with servers that I went to restore from backups and the restoration flat out didn't work without massive work (I'm looking at you, JetBackup). Don't wait until critical failure to find out you can't restore. Verify that stuff!

I feel for everyone going through crap because of this. Hopefully people will learn and follow these policies, but, 2+ decades of experience tells me that this is just not gonna happen 😞

u/twhiting9275 — 12 days ago
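An added example for points #5 to #7 of the backup post above (not part of the original post): a full compressed archive with checksums recorded at backup time, a verification step, and a test restore into a scratch directory that is checked file by file. The function names, archive naming and sidecar files (`.sha256`, `.manifest`) are assumptions for illustration; database exports from point #4 are assumed to be written into the source directory before the archive is made.

```shell
#!/bin/sh
# Added example: full compressed backup with checksums, then the verification
# and test restore from points #6 and #7. File names here are assumptions.

# make_backup SRC_DIR OUT_DIR -> prints the archive path
# SRC_DIR should already hold the database exports (point #4) next to the files.
make_backup() {
    archive="$2/backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    # Per-file hashes, recorded at backup time, to judge a later restore against.
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$archive.manifest" || return 1
    tar -czf "$archive" -C "$1" . || return 1
    sha256sum < "$archive" > "$archive.sha256" || return 1
    echo "$archive"
}

# verify_backup ARCHIVE -> 0 if the stored hash matches and the archive reads end to end
verify_backup() {
    [ -s "$1" ] && [ -s "$1.sha256" ] || return 1
    want=$(cut -d' ' -f1 < "$1.sha256")
    have=$(sha256sum < "$1" | cut -d' ' -f1)
    [ "$want" = "$have" ] || return 1
    gzip -t "$1" 2>/dev/null && tar -tzf "$1" >/dev/null 2>&1
}

# verify_restore ARCHIVE -> 0 if a scratch restore yields every manifest file, bit for bit
verify_restore() {
    scratch=$(mktemp -d) || return 1
    if tar -xzf "$1" -C "$scratch" 2>/dev/null &&
       ( cd "$scratch" && sha256sum -c - >/dev/null 2>&1 ) < "$1.manifest"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$scratch"
    return $rc
}

# Run as: sh backup.sh SRC_DIR OUT_DIR
if [ $# -eq 2 ]; then
    a=$(make_backup "$1" "$2") && verify_backup "$a" && verify_restore "$a" && echo "verified: $a"
fi
```

Copy the archive together with its two sidecar files to each storage location, and rerun `verify_backup` and `verify_restore` there on a schedule rather than only at backup time.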

We've all seen the email and discussion by now. Copilot is effectively dead. They're switching over to a pay per chat model.

What are your plans if you were using it? I'm shopping now for things, a better VS integration, would love to hear more options and what people have moved off to.

u/twhiting9275 — 16 days ago

Due to multiple issues (network, support hardware), I've been focusing for the last week or so on moving out of Contabo. Got it all done, but one server at this point, and even that is 99% done

Cancelled the PayPal agreement, because, no, you don't get to charge me again. That's how that works.

Cancelled the servers in my.contabo (8), as they were being replaced. The only one not cancelled at this point is the one that I was working on, but almost completed with

Due date? The 2nd of every month. Plenty of time to finish one server (which IS paid up until May 2)

This morning, I get the lovely suspension email, claiming that funds are due. No, no they aren't. If they **are**, it's on Contabo, not me. I had a billing agreement set up, HAVE had said billing agreement set up for months. Because of funds being due (which, again they aren't), service is being shut down.

See Screenshots. Not horribly worried about the IP addresses, they are all shut down (by me, except the one they claim is 'overdue').

THIS is what you can expect from Contabo. Unreliable billing, networks that are worthless. Hardware? Well, that's going to depend on your node. Mine was great for months, but recently, it's started to show its age.

https://preview.redd.it/0v21riarf7xg1.png?width=1937&format=png&auto=webp&s=44d08105ef1fed7c82958ba4001466310df7f3ac

https://preview.redd.it/pestniarf7xg1.png?width=1937&format=png&auto=webp&s=94c1cde8daa30b65d7708f7997e6189df78cee46

u/twhiting9275 — 19 days ago