New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Your a company with a revenue of over $1,000,000 and you use shared hosting?
@Daniel i think it was their own dedi, not a shared hosting account.
Ah right, but still use HostGator?
I just looked at the WHMCS News Feed, ouch. http://dl.dropbox.com/u/2734617/Screenshots/k0ys2_mzkhxk.png
I have no experience with HostGator, can't comment. At least they didn't use GoDaddy
It is, considering its only been 5 months of the year.
He also did tell me there were 15-20 staff member accounts, so you have to remember Matt had quite a few employees he had to pay as well.
But from the info my source has given me WHMCS seems like a very profitable business, why they did not hire a dedicated abuse/security team is beyond me.
WHMCS Not Fully hacked - Someone tried too.. But they restored it.. FAST.
---------------- WHMCS Send Mail to Us--------------------------
Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.
To clarify, this was no hack of the WHMCS software itself, nor a hack of our server. It was through social engineering that the login details were obtained.
As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately.
Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.
This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.
We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.
WHMCS Limited
www.whmcs.com
But this is fascinating !!! God Bless America there is a site name HostGator - That's why we saved. No Credit Card details of ours not in Risk.
Wrong, client's WHMCS installs are not affected, but those who paid whmcs.com directly with there CC are indeed affected. There CC details are all over the internet now in a simple database download.
People on WHT have already claimed to decoded it and get the full CC details already.
IF you paid WHMCS.com directly with CC destroy it immediately and get it replaced!
All this is HostGators fault.
I read somewhere on WHT that someone had access to Matt's email to get the authentication info for HostGator...
So isn't this Matt's fault to begin with for not having cphulk and having insecure webmail password?
I heard somewhere that they pretended to be Matt, and then HostGator gave them the password, and Matt used it on other sites (including his gmail)
So I guess its partly HostGators fault and WHMCSs for using HostGator and using same password everywhere.
I said the same thing.. guess people who use Hostgator servers for WHMCS Billing are perfectly ok.. LOL! Thinking about HostGator... Is they pay WHMCS by CC?
For WHMCS paying HG, according to Subdigo's post here of the chat transcript they paid via CC, not sure about HG > WHMCS though: http://www.lowendtalk.com/discussion/comment/66372#Comment_66372
>
So did the hacker first get into his [email protected] email then contact HG, or got the password from HG and got access from there?
People on WHT are claiming they got in his email in order to find his authentication info (last 4 digits of CC).
I know when we were a Hostgator client they were very strict about requesting info for verification, like last 4 digits of cc, last transaction number, etc.
Not sure.
I know HG > WHMCS because there is not HG alone paying to WHMCS.. There is a another company name H9 (hostnine.com) - They provide same services like HG on WHMCS.. Means H9 > WHMCS too..
If it was truely their own dedicated server then hostgator wouldn't have any authentication info for it. At that point all hostgator can do is powercycle the server aside from maybe hooking up a remote kvm they can use (which at that point it's trivial to reset a password in linux)
My guess is it's a managed dedicated server where hostgator does have all the login info and can login to setup things (or access login info in this case).
GoDaddy even store server passwords in plain text too
From what I can tell, that's from their direct clients and does not include income from their resellers (Licensepal, etc). And even if that was all they made, they're still on track to make around $310k this month.
And they've had a total of ten employees working for them since the start and only four of them seem to still be working and/or have active accounts (based on email accounts). Not that any of that matters. The main thing is that they make a shit ton of money and the entire company could have been managed a hell of a lot better.
@vrillusions managed dedicated server, hostgator manages it for them so they have the root.
I agree, even if they are only making half of what they are making now they should still be able to afford at least a part time security firm and maybe more staff to offer faster resolution times.
It seems like Ubersmith is the only billing system to offer fast support and phone support as well, however with there pricing structure its definately expected.
It's mad that they don't even have SPF in place.
SPF = Sender Policy Framework? or something else?
correct.
I finally received the email, 24 hours after the things got leaked... To notify me that my CC might be compromised. Good thing I pay with paypal.
Negative sir. We own the hardware, not resell from some other company. You can't really claim that we're just reselling EGI services <_<;
The sad part is, they were in the process of doing so. Granted, primarily for pentesting the actual software, but that's a step in the right direction.
Someone please remind me what happened in December?
Way to defuse my joke :P Let me approach it this way then, I also buy hardware and domain names and software and resell those to my customers :P
It was like end of November. A lot of hosts were compromised due to the ability to upload a php shell.
Theres still people coming into WHT and complaining that they got hacked from that (due to not patching)
You didn't think I'd make it easy, did you? XD