WHMCS Hacked - Page 16

Comments

  • @joepie91 said: They would have been responsible if they admitted the breach, timely informed their users, and made a best effort to resolve the situation.

    They didn't?

  • @gsrdgrdghd said: They didn't?

    For hours on end, over 24 hours even, there was no word from WHMCS about the breach towards customers, other than an obscure blog post. A license reseller was faster in informing users by e-mail than WHMCS itself. After the breach, several other servers were breached and WHMCS acted as if nothing was going on, instead of - as they should have done - taking everything offline for a security audit.

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • They released a patch, announced it and then replaced the patch with an updated version and did not announce it :S

    That was the icing on the cake for us.

  • DanielM Disabled

    @Kairus said: Explain. It wasn't WHMCS' fault for getting 'hacked' why would anyone leave them?

    Well, that's true and false. They let the company have root details. But not only that, they had huge security holes (and still do).

  • DanielM Disabled

    @GetKVM_Ash said: That was the icing on the cake for us.

    What system are you using now?

  • @DanielM said: they let the company have root details.

    Sure they had to have root details, they were managing the servers.

  • DanielM Disabled

    @gsrdgrdghd said: Sure they had to have root details, they were managing the servers.

    Part of my point: HostGator should never have been trusted with such details, with credit card info and such. They should have an in-house team.

  • subigo Member

    Hurr Durr... I make $500,000 a year from my script, let's host it on a single server and give the keys to the 18 year old kid who makes $10/hour. Hurr Durr...

    Thanked by 2: Liam, DanielM
  • Jar Member
    edited June 2012

    Server was compromised. Server was restored from backups, filled with holes thanks to compromised data, multiple times. No indication on front page, no shutting off of sales. They willingly placed their site up to be hacked several times after the initial hack, and continued to accept sales on a compromised platform.

    Not at fault? Maybe not at fault for the access gained through HostGator, but at fault for a lot of other things that left a sour taste in my mouth. I will use a notepad before I ever use them again, because they gave me the impression that sales > security.

    This time their irresponsibility didn't trickle down to the end users' websites being compromised, if they were properly set up and changed their passwords. Next time? Won't be a next time for me.

    Thanked by 1: DanielM
  • Wow this thread has 775 comments now :O

    Is that a LET record?

    Thanked by 1: DanielM
  • u4ia Member

    @DanielM said: It's disgraceful WHMCS even tried to get your video censored.

    This. I think it's awesome that @Asim fought against unjust censorship and won.

  • @u4ia said: This. I think it's awesome that @Asim fought against unjust censorship and won.

    Yep :) Kudos, it was obvious fair use.

    Now, my 2 cents about the affair.

    Was it the fault of WHMCS? Phase one, sorta. Leaving the managing of anything in a third party's hands is not a good idea; what the hell, was it that hard to manage their own servers??? After all, they are not running a fast food over there...

    Phase two, yeah, definitely. The whole way of handling stuff was unprofessional, top to bottom. From denial mode and trying to cover up by not releasing the whole story when it was obviously available for everyone to check, even censoring random videos on YouTube (geee!!!), to restoring the leaked stuff without taking ALL the necessary steps to secure it just because it could have meant more downtime and customers were in "danger" to find out (yeah, like there was someone not knowing about it). It does look like they do not take security seriously, that sales are the most important thing (**** the customers, we already have their money), and this is enough of a reason to look for or support development (in-house or OS) of alternatives.

    This is the failure of a model, not a company or some individuals. As long as the market allows it, this is bound to happen again, even worse next time. Is it the bankers' fault they are screwing everyone and manipulating everything, ruining whole economies? No, it is the system's fault, where they can buy enough politicians to sort out their losses when they screw up themselves while they keep the profits otherwise. It is gambling, in the end: if it works we keep the profits, if it doesn't, we just "outsource" the losses or just close shop and start again. In the real as well as internet economy. M

    top - 22:32:38 up 906 days, 2:58, 1 user, load average: 3.94, 5.13, 8.38
