Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WHMCS Hacked - Page 17
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WHMCS Hacked

1141517192024

Comments

  • AsimAsim Member

    @Daniel said: WHMCS should of used a better method for storing CC data, perhaps each daily cron job a URL is sent to the admin where they enter the key to process the transactions.

    NO need for that. PCI Compliance states that the creditcard info be saved in a seperate server (not accessible via a LIVEIP) and information saved by using the tokenizing method

    OR

    get out of all that hassle and just use a payment Gateway that allows PCI-Compliance, so you pass the info to that payment-gateway directly (without storing the CC info) and the payment gateway charges it. You can pass flags to ask the payment-gateway to store the card for future needs. Later (on recurring payments etc), you just sent the previous transaction ID OR object-ID and ask the payment-gateway to charge it again.

    Someone clearly did not sort out all these loose ends and we, the customers of WHMCS, are screwed

  • AsimAsim Member

    @rds100 said: I don't understand why whmcs chose to store/process credit cards directly in the first place and not use a company specialized in credit card processing.

    Ditto

  • @DepotVPS_Shane said: But what about us LicensePal people? :P

    I might just be calling the bank if LP is effected too...

    You are fine, the leak doesn't contain your CC information. But it does contain your hashed password, email address, etc so you might want to change your password if you've used it on other sites.

  • @Asim I think ModernBill uses the method I stated, but I agree your idea would be so much better.

  • @gsrdgrdghd said: You are fine, the leak doesn't contain your CC information. But it does contain your hashed password, email address, etc so you might want to change your password if you've used it on other sites.

    It contains un-hashed passwords, by default WHMCS stores them in the email log.

  • @Daniel said: It contains un-hashed passwords, by default WHMCS stores them in the email log.

    The dump only includes a fraction of the email table and Shane's Welcome email isn't in it. However 15k other peoples passwords are :(

  • @gsrdgrdghd said: The dump only includes a fraction of the email table and Shane's Welcome email isn't in it. However 15k other peoples passwords are :(

    Yeh, I wondered why it was only half of the database. I guess the entire mail log was a few GB's.

  • @gsrdgrdghd: Creepy. At least my password isn't there. :P

  • @DepotVPS_Shane said: @gsrdgrdghd: Creepy. At least my password isn't there. :P

    On a GPU MD5 Bruter, probably take around 20 minutes to crack.

  • epaslvepaslv Member

    It looks like their Twitter account is finally back under their control.

    I was going to tweet "How do we know this is the real WHMCS? Please provide last 4 digits of your credit card number for us to verify..."

    But that would just be too insensitive ....

    Thanked by 1marrco
  • raindog308raindog308 Administrator, Veteran

    Forums still are not.

    And the one day I have a WHMCS question that isn't in the docs...sigh...

  • CoreyCorey Member

    I bet this forces them to hurry and release a new version of WHMCS to regain subscriber base and have secured code once again.

  • KuJoeKuJoe Member, Host Rep

    @Corey said: I bet this forces them to hurry and release a new version of WHMCS to regain subscriber base and have secured code once again.

    Hell, I would release a new version even without any changes just to make people think it's different code. LoL.

  • Someone able to give me a quick run down? The thread is huge :P

  • gianggiang Veteran

    @maxexcloo said: Someone able to give me a quick run down? The thread is huge :P

    WHMCS got hacked, all data leaked with very weak encrypted CC data which has been decrypted now. Their forum even got hacked again 1 day later.

    First, they blamed HostGator for leaking root password of their server. The other day, they blamed vBulletin.

    Thanked by 1maxexcloo
  • Oh Dear, now the blog has been hacked.

    http://blog.whmcs.com/index.php

  • exussumexussum Member

    Lol i wonder what's next ..

  • @onepound said: Oh Dear, now the blog has been hacked.

    LOL the hacking countdown doesn't even need to be dynamic or so, it can just be static HTML with 0 days since the last hack :D

  • @onepound said: Oh Dear, now the blog has been hacked.

    http://blog.whmcs.com/index.php

    Looks like http://haswhmcsbeenhackedtoday.com/ needs to be updated.

  • @Daniel said: Looks like http://haswhmcsbeenhackedtoday.com/ needs to be updated.

    It says 0 days

  • @gsrdgrdghd said: It says 0 days

    Its showing yesterdays hack in the image.

  • NateN34NateN34 Member

    @onepound said: Oh Dear, now the blog has been hacked.

    http://blog.whmcs.com/index.php

    Wow, this has to be a joke or something.........

  • jarjar Patron Provider, Top Host, Veteran

    How hard is it to not reconstruct the same website with the same passwords? Surely that is exactly what is happening. All fresh logins, everywhere. All clean installations. Fresh security optimization by a capable sys admin. How hard is this? It's not like they have this unbelievable wealth of data.

    Thanked by 2maxexcloo djvdorp
  • "Access regained to server, security audit performed, and website restored from backup"

    Why not reinstall the server or move to a new one so that the old one can be audited, these guys aren't making much sense...

  • vedranvedran Veteran

    Matt probably used the same password everywhere, and it looks like they need to hack their sites one by one to make him change those passwords.

  • HarrySXHarrySX Member
    edited May 2012

    @giang said: Even popular hosting company like simplexwebs.com abused WHMCS/HostGator license :(

    Just to clear up, we were not aware of this and would never use nulled software - simplexnetwork.com was in the black listed domains table. Not sure why but our WHMCS is at simplexwebs.com

    Thanks.

  • raindog308raindog308 Administrator, Veteran

    Hmmm, he must be hosting the forum on a 286, because that upgrade script is taking a loooong time :-)

  • AldryicAldryic Member

    @raindog308 said: Hmmm, he must be hosting the forum on a 286, because that upgrade script is taking a loooong time :-)

    That 'upgrade script' password dialogue looked like a very blatant phishing attempt to me.

  • u4iau4ia Member

    @Aldryic said: That 'upgrade script' password dialogue looked like a very blatant phishing attempt to me.

    ohs nos! So I shouldn't have tried to login with my bank account credentials?

  • jarjar Patron Provider, Top Host, Veteran

    @HarrySX My understanding of the takedown notice table is that it could also apply to providers who are hosting clients who may have used a nulled whmcs. I could be wrong about that. I don't think being listed there is a specific indication of direct guilt. As for the blacklisted domains, who knows.

Sign In or Register to comment.