Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WHMCS Hacked - Page 13
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WHMCS Hacked

1101113151624

Comments

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    So wait, isn't WHMCS the guys that would rage on you if you wanted to store your CC's within your own DB because it violated xyz laws or you needed heavy PCI compliance?

    Francisco

    Thanked by 1djvdorp
  • rds100rds100 Member
    edited May 2012

    AFAIK it (PCI compliance) is not an US thing. It is Visa/Mastercard requirement. They are the ones who fine you.

  • SpencerSpencer Member

    @MrDOS said: No. A set of rules anyone in the US must comply with to handle direct credit cards payments (as in, payments not through a payment service such as PayPal).

    Exactly. That is why I don't run credit cards through my WHMCS and only do them through a 3rd party like WHMCS or 2co.

  • @MrDOS said: No. A set of rules anyone in the US must comply with to handle direct credit cards payments (as in, payments not through a payment service such as PayPal). Fines for noncompliance can be in order of hundreds of thousands of dollars per day of noncompliant operation.

    I stand corrected, I thought wrong.

  • subigosubigo Member

    @rds100 said: AFAIK it (PCI complieance) is not an US thing. It is Visa/Mastercard requirement. They are the ones who fine you.

    Correct.

  • MrDOSMrDOS Member

    @rds100 said: AFAIK it (PCI complieance) is not an US thing. It is Visa/Mastercard requirement.

    My bad, then. I knew it was controlled by a conglomerate of credit card companies, but I thought they kept it within US borders.

  • InsidieaInsidiea Member
    edited May 2012

    @Daniel said: I wouldn't think so, as long as you don't do anything malicious or redistribute the data.

    Anyone else wants to add to this/confirm?

  • @Insidiea said: Anyone else wants to add to this/confirm?

    Well this depends very much on your country's legislation.
    However even if its illegal to download/view it i don't think anybody who doesn't abuse the data would get in trouble for it.

    Thanked by 1Insidiea
  • @Insidiea said: Anyone else wants to add to this/confirm?

    Well, I don't think it would hurt just to check what data of yours in there. Thats the reason I downloaded it.

    Thanked by 1Insidiea
  • @Jack said: Dear Ken Nash (UptimeVPS),

    This is a confirmation email that you have registered with WHMCS. Your new account has been setup and you can now login to our client area using the details below.

    So did anyone actually try to login?

  • DaosmbDaosmb Member
    edited May 2012

    @Daniel said: Well, I don't think it would hurt just to check what data of yours in there. Thats the reason I downloaded it.

    I'm a client, do I need to jump in and "check" things? Or is it "just fine"? :)

  • I have a quick question, I quickly skimmed through the 9 pages of this topic and didn't see an answer, I had a WHMCS license through LicensePal, canceled it quite awhile ago. So since I paid at LicensePal, WHMCS doesn't have my credit card details, right?

  • @Daosmb said: I'm a client, do I need to jump in and "check" things? Or is it "just fine"? :)

    If you tell me what to look for i can check it for you

  • AsadAsad Member
    edited May 2012

    @Legendlink said: So since I paid at LicensePal, WHMCS doesn't have my credit card details, right?

    Correct. You're credit card is safe.

  • AlexBarakovAlexBarakov Patron Provider, Veteran

    @AsadHaider said: Correct. You're credit card is save.

    ... untill they get social engineered through their hosting provider....

  • @AsadHaider said: Correct. You're credit card is save.

    I think your meaning safe, if LicensePal was giving out CC info to WHMCS that would be worrying.

  • @BlueVM said: Unfortunately you can't use stolen information in an investigation.

    Who says it's stolen? It may well be "public" found somewhere, which they CAN use in an investigation.

  • SpencerSpencer Member

    When will WHMCS get control of their twitter again ;(

    Thanked by 1Jeffrey
  • JeffreyJeffrey Member

    So, who's willing to hack ugnazi? :P

  • SpencerSpencer Member

    @Jeffrey said: So, who's willing to hack ugnazi? :P

    That would be stooping to their level :p

  • AldryicAldryic Member

    @PytoHost said: That would be stooping to their level :p

    Not like pulling the leaked database to look up financial figures and personal information on other people, right? -_-;

  • SpencerSpencer Member

    @Aldryic said: Not like pulling the leaked database to look up financial figures and personal information on other people, right? -_-;

    Hahaha good point

  • subigosubigo Member

    A new WHMCS exploit scanner is being passed around IRC now. It checks for exploits on every single IP listed as active in the database. It's not that bad now (unless you never update WHMCS), but this is going to make future exploits a bad thing. It's not like most people are going to change their server IP just to protect themselves.

  • SpencerSpencer Member
    edited May 2012

    @subigo said: A new WHMCS exploit scanner is being passed around IRC now. It checks for exploits on every single IP listed as active in the database. It's not that bad now (unless you never update WHMCS), but this is going to make future exploits a bad thing. It's not like most people are going to change their server IP just to protect themselves.

    Phewww I just moved my WHMCS server today (unrelated to the hacking) Perfect day for this to happen!

  • @subigo said: A new WHMCS exploit scanner is being passed around IRC now.

    What shady IRC networks are you on?

    Thanked by 3Spencer Aldryic Jeffrey
  • subigosubigo Member

    @TheHackBox said: What shady IRC networks are you on?

    You can find anything on Freenode, Captain.

  • AldryicAldryic Member

    @subigo said: You can find anything on Freenode, Captain.

    If you're trying to quote Urza from old gammanet, it goes "You can find anything on Freenode, pal. Anything but dignity."

    Thanked by 1djvdorp
  • CoreyCorey Member

    Unfortunately our whmcs license is now invalid because of this and we can't get in to our billing syetem.....

    Time to create our own.

  • where did you all get the client's address from the database? all i see are a bunch of license and domain names .

  • AsadAsad Member

    @cosmicgate said: where did you all get the client's address from the database? all i see are a bunch of license and domain names .

    All the client details are in the sql dump.

Sign In or Register to comment.