WHMCS Hacked - Page 11


Comments

  • rds100rds100 Member

    @ElliotJ i guess the same is true for most providers offering "live chat support". That's why i don't understand why people want to use live chat - it is insecure and open to such problems. It is not that hard to login to your client area and submit a ticket...

  • 1q11q1 Member

    no luck trying to decrypt the blobs :/

  • @1q1 said: no luck trying to decrypt the blobs :/

    http://pastebin.com/FrHk9391

    Thanked by 1djvdorp
  • 1q11q1 Member
    edited May 2012

    no luck trying to decrypt the blobs :/

    @gsrdgrdghd said: http://pastebin.com/FrHk9391

    Thank you. My bad noobness, still don't know where are my faults :/

  • 1q11q1 Member
    edited May 2012

    Now i know why it was not working. UG has changed the issuenumber blobs. lol!

  • RandyRandy Disabled

    lol, WHY Didn't the FBI take that cock sucker down, GearSec already released the Hacker's details

  • JarJar Member

    @Randy My guess is weekend and compiling the evidence. GearSec did a good thing there, but they aren't a legal authority. He'll be going down very soon.

  • RandyRandy Disabled
    edited May 2012

    they actually got hold of his address, i think the hacker is not that stupid to put his address in public in the whois record right? LOL. it's not a weekend? what are you talking about?

  • JarJar Member
    edited May 2012

    Today felt like Tuesday to me, meaning yesterday would've been coming off the weekend. In my defense, I haven't slept much lately ;)

  • @Randy said: lol, WHY Didn't the FBI take that cock sucker down, GearSec already released the Hacker's details

    From what i understand the information GearSec has gathered is from some leaked IRC logs or so. The FBI can't (shouldn't) just arrest someone because some dubious group accused them of hacking WHMCS.

  • RandyRandy Disabled

    they said themselves that they did it, what do you mean that the @UG group is being "accused "?

  • gsrdgrdghdgsrdgrdghd Member
    edited May 2012

    @Randy said: what do you mean that the @UG group is being "accused "?

    The group GearSec accused the people they named in their blog to be the people that hacked WHMCS.

  • BHostBHost Member

    Irritating, we actually use Ubersmith, but had toyed in the recent past with switching to WHMCS and had signed up for a license to try it out.

    I take it from those links to pastebin that the card details can be decrypted then and so any CCs need cancelling?

    BHost - London / Amsterdam VPS and Cloud hosting - www.BHost.net
  • @BHost said: I take it from those links to pastebin that the card details can be decrypted then and so any CCs need cancelling?

    There's been a dump on Pastebin of all the decrypted CC details.

    The Original Daniel.

  • @BHost said: I take it from those links to pastebin that the card details can be decrypted then and so any CCs need cancelling?

    I can confirm that your CC data is in the dump and you need to cancel your card.

  • exussumexussum Member

    Even without that dump, it takes less than 1 min for the PHP to run and decrypt all

  • BHostBHost Member

    Thanks for the info. Scrambles to call the bank...

    BHost - London / Amsterdam VPS and Cloud hosting - www.BHost.net
  • @gsrdgrdghd said: http://pastebin.com/FrHk9391

    For the record, Reckz0r stole that from http://pastebin.com/EVCxM2zp (he's known to plagiarize things).

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • gsrdgrdghdgsrdgrdghd Member
    edited May 2012

    @liam said: Any hackers you don't know?

    Calling those Anonymous or lulz"sec" people "hackers" is an insult for the word hacker :P

    Oh and btw it has been pointed out earlier that @joepie91 has affiliations with lulzsec/anonymous

    Thanked by 1djvdorp
  • AldryicAldryic Member

    @gsrdgrdghd said: Oh and btw it has been pointed out earlier that @joepie91 has affiliations with lulzsec/anonymous

    Old news, but correct. To his defense, he was one of the chaps that hung about in the lulzsec irc channel; he wasn't directly involved with their antics.

  • @liam said: Any hackers you don't know?

    Reckz0r can not be considered in any way, shape, or form a 'hacker', regardless of whether you adhere to the 'media definition' of 'someone that breaks into computers' or the 'real' definition of 'someone that builds things'.

    The point is that Reckz0r has been attentionwhoring all over anon for the past few weeks - I think it'll be hard to find someone involved in anon that doesn't know about him and his constant plagiarism, false claims, and famewhoring.

    (Additionally, I'm not sure how my 'affiliations with anon' [what? It's not even a group] matter here.)

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • gsrdgrdghdgsrdgrdghd Member
    edited May 2012

    @joepie91 said: (Additionally, I'm not sure how my 'affiliations with anon' [what? It's not even a group] matter here.)

    They don't really matter (and i don't think anyone here cares), i just provided it as an explanation to @liam why you know all those people.

  • JarJar Member
    edited May 2012

    It's not hard to have affiliations with "anonymous." Anyone can post on _chan.___ Fill in the blanks with anything really...

  • @liam said: Any hackers you don't know?

    Jesus is a hacker, he was able to hack physics to walk on water!

    The Original Daniel.

    Thanked by 2djvdorp Liam
  • JarJar Member

    @Daniel Nobody owns the water. It's God's water.

  • @gsrdgrdghd said: They don't really matter (and i don't think anyone here cares), i just provided it as an explanation to @liam why you know all those people.

    Fair enough.

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • Hmmm...

    image

    My Advice: : VPS Advice
  • @jarland said: @Daniel Nobody owns the water. It's God's water.

    The fish own it.

    The Original Daniel.

  • @Daniel said: The fish own it.

    Jesus pown'd it!

    My Advice: : VPS Advice
    Thanked by 1Infinity
  • @rds100 said: @ElliotJ i guess the same is true for most providers offering "live chat support". That's why i don't understand why people want to use live chat - it is insecure and open to such problems. It is not that hard to login to your client area and submit a ticket..

    Phone is subject to the same problem, and people want their answers now, not in an hour, not in a day, whatever.

    Looking for support, sysadmin, etc. work: PM
    Working on VPSM
  • Shit. I hope my debit card wasn't leaked. Oh well, hopefully my bank will detect any weird charges if anything happens.

    I go onto Lowendbox to search for a VPS and get this bad news.... ugh.

    Shane Elmore | Programmer In Progress

  • Holy majoly.

    Do my eyes deceive me or has @DepotVPS_Shane returned...

    My Advice: : VPS Advice
  • @DepotVPS_Shane said: I hope my debit card wasn't leaked. Oh well, hopefully my bank will detect any weird charges if anything happens.

    If you used your card on whmcs.com then it has been leaked. I suggest you phone your bank rather than wait for something to happen.

  • @Asad: I might as well. I used licensepal but just to be safe....

    Shane Elmore | Programmer In Progress

  • So we have gathered this.

    WHMCS used HostGator and trusted HostGator with everything. HostGator clearly do not give a damn about their big customer's security, and after a few questions just hand the account over. WHMCS is at fault for using HostGator in the first place when they can clearly afford a dedicated server and clearly have the minimal skills to manage it. Everyone who had their credit card details at WHMCS is now screwed and should cancel their card ASAP and check purchases, as your details are now everywhere. WHMCS should have used a better method for storing CC data, perhaps each daily cron job a URL is sent to the admin where they enter the key to process the transactions.

    The Original Daniel.

  • But what about us LicensePal people? :P

    I might just be calling the bank if LP is affected too...

    Shane Elmore | Programmer In Progress

  • @DepotVPS_Shane said: But what about us LicensePal people? :P

    Should be fine.

    The Original Daniel.

  • rds100rds100 Member

    I don't understand why whmcs chose to store/process credit cards directly in the first place and not use a company specialized in credit card processing.

  • AsimAsim Member

    @Daniel said: WHMCS should have used a better method for storing CC data, perhaps each daily cron job a URL is sent to the admin where they enter the key to process the transactions.

    NO need for that. PCI Compliance states that the credit card info be saved in a separate server (not accessible via a LIVEIP) and information saved by using the tokenizing method

    OR

    get out of all that hassle and just use a payment Gateway that allows PCI-Compliance, so you pass the info to that payment-gateway directly (without storing the CC info) and the payment gateway charges it. You can pass flags to ask the payment-gateway to store the card for future needs. Later (on recurring payments etc), you just send the previous transaction ID OR object-ID and ask the payment-gateway to charge it again.

    Someone clearly did not sort out all these loose ends and we, the customers of WHMCS, are screwed
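
The pass-through-and-token flow described in the post above, as an added example that is not part of the original thread. The `Gateway` and `BillingApp` classes are hypothetical in-memory stand-ins (no real gateway API is used) and the card number is a constructed test value.

```python
import secrets

SAMPLE_PAN = "4111111111111111"  # constructed test number, not a real card


class Gateway:
    """In-memory stand-in for a PCI-compliant payment gateway (hypothetical API)."""

    def __init__(self):
        self._vault = {}   # token -> card number; exists only on the gateway side
        self.charges = []  # (token, amount_cents) for every accepted charge

    def charge(self, pan, amount_cents, store=False):
        """First payment: the card number is passed through, never saved locally."""
        if not (pan.isdigit() and 13 <= len(pan) <= 19):
            raise ValueError("malformed card number")
        token = "tok_" + secrets.token_hex(8) if store else None
        if store:
            self._vault[token] = pan
        self.charges.append((token, amount_cents))
        return token

    def charge_token(self, token, amount_cents):
        """Recurring payment: only the opaque token is presented."""
        if token not in self._vault:
            raise KeyError("unknown token")
        self.charges.append((token, amount_cents))
        return True


class BillingApp:
    """The merchant side; self.db is what a database dump would expose."""

    def __init__(self, gateway):
        self.gateway = gateway
        self.db = {}

    def signup(self, client_id, pan, amount_cents):
        token = self.gateway.charge(pan, amount_cents, store=True)
        self.db[client_id] = {"token": token, "last4": pan[-4:]}

    def renew(self, client_id, amount_cents):
        return self.gateway.charge_token(self.db[client_id]["token"], amount_cents)


def dump_contains_pan(app, pan):
    """True if any field of the merchant database holds the full card number."""
    return any(pan in str(v) for rec in app.db.values() for v in rec.values())
```

After a signup and a renewal the merchant database holds only the token and the last four digits, so a dump of it yields no card number to decrypt.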

  • AsimAsim Member

    @rds100 said: I don't understand why whmcs chose to store/process credit cards directly in the first place and not use a company specialized in credit card processing.

    Ditto

  • @DepotVPS_Shane said: But what about us LicensePal people? :P

    I might just be calling the bank if LP is affected too...

    You are fine, the leak doesn't contain your CC information. But it does contain your hashed password, email address, etc so you might want to change your password if you've used it on other sites.

  • @Asim I think ModernBill uses the method I stated, but I agree your idea would be so much better.

    The Original Daniel.

  • @gsrdgrdghd said: You are fine, the leak doesn't contain your CC information. But it does contain your hashed password, email address, etc so you might want to change your password if you've used it on other sites.

    It contains un-hashed passwords, by default WHMCS stores them in the email log.

    The Original Daniel.

  • @Daniel said: It contains un-hashed passwords, by default WHMCS stores them in the email log.

    The dump only includes a fraction of the email table and Shane's Welcome email isn't in it. However 15k other people's passwords are :(

  • @gsrdgrdghd said: The dump only includes a fraction of the email table and Shane's Welcome email isn't in it. However 15k other people's passwords are :(

    Yeh, I wondered why it was only half of the database. I guess the entire mail log was a few GB's.

    The Original Daniel.

  • @gsrdgrdghd: Creepy. At least my password isn't there. :P

    Shane Elmore | Programmer In Progress

  • @DepotVPS_Shane said: @gsrdgrdghd: Creepy. At least my password isn't there. :P

    On a GPU MD5 Bruter, probably take around 20 minutes to crack.

    The Original Daniel.

  • epaslvepaslv Member

    It looks like their Twitter account is finally back under their control.

    I was going to tweet "How do we know this is the real WHMCS? Please provide last 4 digits of your credit card number for us to verify..."

    But that would just be too insensitive ....

    Thanked by 1marrco