New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
@HC_Ro ah, that one, thanks. But I think the exploit didn't work if you followed the "extra security steps" recommended by whmcs and moved your templates_c, attachments and downloads folder, as suggested in the documentation? http://docs.whmcs.com/Further_Security_Steps
And also whmcs was quite quick to release a fix and announcement about this. So i don't blame them for that one - every software has bugs, they did the right thing in the situation.
it would appear the db has been released
https://twitter.com/#!/joshthegod
Yes, @Daniel pointed out the same.
P.S. I have already downloaded the data and saw the horrible info it has
https://twitter.com/#!/joshthegod
Your a few hours late :P
Been busy today.
@Asim
just noticed lol, what kind of info? PII?
yes, names, emails, address, phone, encrypted (which can be decrypted) CC numbers and such. Even ticket history, replies, emails log and what not
This was just info but when you see that in the dump and posted online, it becomes horrible info
ouch,
Yes all is backed up and uploaded. A lot of work for WHMCS to clean their image now.
http://blog.whmcs.com/?t=47672
You should give them this advise, you may got a chance to get a lifetime WHMCS license
Per some folks on WHT
Seems they found Josh
http://pastebin.com/KrRG81e4
uh oh! http://i46.tinypic.com/28lgmf.jpg
he should be banned from the internet just on the basis of using a dollar store headset
So why did they list the hfu.cc IPs? Just ebcause they hosted their files with them? o0
How that is written reminds of how Aldryic writes :P. Not accusing anybody of anything, of course.
How about we take this opportunity to see if something useful can come from this - such as searching the database for UptimeVPS and seeing if there's any genuine contact details for them?
I know the difference between "your" and "you're" :P
(That, and I prefer housecalls to pastebin threats
)
UgNazi website is down
@Jack There's quite a lot of information at trackingdownuptimevps.org
No surprise it's closed, but the address details might be interesting - completely different area of the country to where it was believed he was.
I thought all details of UptimeVPS were found out already looong ago? The stuff at trackingdownuptimevps.org seems pretty conclusive.
Never hurts to get more - this address is totally different.
If you want to get more, he recieved a plaintext password in his welcome email (not implying that you should try if that password works for his email account or so!)
This might be too easy of a case for the FBI...
Numerous people on WHT have reported tickets and services are not existing in the DB and that the hacker didn't release a full db.
oh jeez, The email table + lib_mysqludf_preg = very quick password retrieval
WHMCS are gonna struggle to recover from this
http://www.webhostingtalk.com/showpost.php?p=8140276&postcount=798
http://www.webhostingtalk.com/showpost.php?p=8140105&postcount=758
http://www.webhostingtalk.com/showpost.php?p=8140113&postcount=762
http://www.webhostingtalk.com/showpost.php?p=8140118&postcount=763
Can anyone here confirm that tickets are not in the db?
then why did you ask me to cite my source if you already know. lol
Aah ok. I wonder why they didn't release a full db.
Wow I am only 20 miles away from this hacker according to his address in that Pastebin.
Look here for more info about Josh: http://whmcs-hacker.soup.io/
Looks like he will have fun with @HostBluff inmates in prison.