Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
WHMCS Hacked
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

WHMCS Hacked

AsimAsim Member
edited May 2012 in General

Visit WHMCS.COM for yourself to see

Thanked by 1Francisco
«13456715

Comments

  • Woah, this is going to put every WHMCS install at risk.

    The Original Daniel.

  • The guy that hacked it is going to post the entire database.

    Shitz.

    The Original Daniel.

  • AldryicAldryic Member

    @Daniel said: Woah, this is going to put every WHMCS install at risk.

    Except for those of us that put in the extra effort making sure our stuff's secure. I'd recommend that the providers here get with @vld and his company to schedule consultation/pen testing.

  • ElliotJElliotJ Member

    Need to reach me quickly? Ping me on Discord

  • MrAndroidMrAndroid Member
    edited May 2012

    @Aldryic said: Except for those of us that put in the extra effort making sure our stuff's secure. I'd recommend that the providers here get with @vld and his company to schedule consultation/pen testing.

    What I mean is, who know what backdoors WHMCS has just for "their" use.

    or delete all the licenses, causing WHMCS installs to bork.

    The Original Daniel.

  • They were hacked by the "Ex-Leader of Lulzsec".

    Ouch.

    The Original Daniel.

  • FranciscoFrancisco Top Provider

    @Jack said: Maybe they had a shell uploaded since December 1st attack?

    Christ boss, I would have hoped their demo box, company billing & main website were all on different boxes for that very reason.

    Francisco

    BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • FranciscoFrancisco Top Provider

    @Daniel said: They were hacked by the "Ex-Leader of Lulzsec".

    Ouch.

    You sure? I thought the dude was a snitch for the FBI now...

    Francisco

    BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • jarjar Provider

    Do my eyes deceive me? It's not April 1st. This may fuel some discussion about alternatives today.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • @Francisco said: You sure? I thought the dude was a snitch for the FBI now...

    https://twitter.com/#!/joshthegod

    The Original Daniel.

  • @jarland said: Do my eyes deceive me? It's not April 1st. This may fuel some discussion about alternatives today.

    Maybe it was HostBill!

    The Original Daniel.

  • yomeroyomero Member

    Hmmm, someone has a pic? xD
    Now I see just a blank page :D

  • AsimAsim Member

    I got a Video

    I really need to get sometime to code my own system and get rid of WHMCS

  • FranciscoFrancisco Top Provider
    edited May 2012

    @Jack said: @Francisco the site's hosted on your favourite network!

    AS16276 176.31.0.0/16 Ovh Systems
    Address has 5 hosts associated with it.

    Not really surprised, OVH is huge.

    Francisco

    BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • FranciscoFrancisco Top Provider

    @Jack said: you been drinking again?

    It's 8:45AM and I didn't hit the hay till 4AM :( Give me a break :D

    Francisco

    BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • AsimAsim Member

    Now they are tweeting from WHMCS twitter account? WTF!!

    http://www.whmcs.com Hacked by #UGNazi @UG @ThaCosmo @JoshTheGod @Le4ky @OpAntiGov #UGNazi #OpAntiGov

  • AsadAsad Member

    @Asim said: Now they are tweeting from WHMCS twitter account? WTF!!

    Maybe they use the same password for servers, accounts, twitter.

  • AsimAsim Member

    @Jack said: Is this the end for WHMCS ?

    Not sure, but this is one big blunder IF its really a security loophole, im scared for my own WHMCS installations :S

  • @Asim said: Not sure, but this is one big blunder IF its really a security loophole, im scared for my own WHMCS installations :S

    Not the only one, what if the security issue was inside the WHMCS software itself.

    The Original Daniel.

  • AsimAsim Member

    @AsadHaider said: Maybe they use the same password for servers, accounts, twitter.

    LOL, I hope not

  • SpiritSpirit Disabled
    edited May 2012

    Is also their twitter hacked? https://twitter.com/#!/whmcs

    WHMCS ‏@whmcs

    http://www.whmcs.com Hacked by #UGNazi @UG @ThaCosmo @JoshTheGod @Le4ky @OpAntiGov #UGNazi #OpAntiGov
    Collapse
    5:37 PM - 21 May 12 via web · Details

  • PhilNDPhilND Member

    Anyone else bringing down whmcs installations just incase?

    https://nodedeploy.com | Premium VPS Solutions | Managed

  • AsadAsad Member

    Great to know that I have my credit card details stored with them.

    @Asim said: LOL, I hope not

    Would explain the access to the server and twitter, I doubt it's an issue with WHMCS and rather just the poor security on their server.

  • key900key900 Member, Provider

    Oh shut, Oh :D

    *LetBox.Com Make it Simple, Los Angeles & Dallas & New Jersey - Ryzen Pure NVMe + Block Storage Boxes!. Discord Community https://discord.gg/g6dqjmm
  • yomeroyomero Member

    Cool

    @Asim said: I got a Video

    And lol at the related videos... "how to hack..."

  • jarjar Provider

    @PhilND Also talking about it right now. Better safe than sorry.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • @PhilND said: Anyone else bringing down whmcs installations just incase?

    I shut my install down.

    FreeVPS.us - The oldest post to host VPS provider
  • AsadAsad Member

    Took my install offline as well, better to be safe than sorry until we hear otherwise. :P

  • Holy shit.... I'm taking it down.

  • FranciscoFrancisco Top Provider

    @dmmcintyre3 said: I shut my install down.

    I'm wondering if these guys will issue a mass suspend on people's licenses?

    Francisco

    BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • PhilNDPhilND Member

    Just taken ours off. Better start doing it guys.

    https://nodedeploy.com | Premium VPS Solutions | Managed

  • FranciscoFrancisco Top Provider

    @Jack said: I suggest something comes out asap! I don't want to use WHMCS anymore I don't feel safe with it.

    The only alternative was hostbill and they're kinda merrrr from what loveVPS was saying.

    Francisco

    BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • AsadAsad Member

    Running ?licensedebug&forceremote on any installation takes it offline, I thought they cached licenses if the server was down for situations exactly like this?

  • jarjar Provider

    Compressed, hidden, crippled. So, how's hostbill?

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • TaylorTaylor Member

    Well someone is going to have a sleepless night.

    I know, I'm Dale Maily.

  • FranciscoFrancisco Top Provider

    @AsadHaider said: Running ?licensedebug&forceremote on any installation takes it offline, I thought they cached licenses if the server was down for situations exactly like this?

    By default WHMCS' authentication software caches for like 4 - 5 days. They had a few times back in their WHMCS 3 days where they had a day+ downtime due to some equipment issues I think?

    Francisco

    BuyVM - Free DirectAdmin, Softaculous, & Blesta! / Anycast Support! / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
  • This is really fucking worrying.

    Did you guys put it in matianance mode or how did you do it?

  • gsxgsx Member

    I used Clientexec for my business. It has improved a lot in the past two years although there is still a long way to go.

  • PhilNDPhilND Member

    @bijan588 mv the dir, chmod 000 new one, put up notice.

    https://nodedeploy.com | Premium VPS Solutions | Managed

  • @gsx said: I used Clientexec for my business. It has improved a lot in the past two years although there is still a long way to go.

    ClientExec misses a lot of plugin support.

    The Original Daniel.

  • AsadAsad Member

    @Jack said: I tried it and it killed my install saying "INVALID"

    Well done, your WHMCS is going to be offline until whmcs.com comes back up. :)

  • @PhilND going to be a pain from my phone.

  • TaylorTaylor Member

    @PhilND said: put up notice.

    Well said

    Due to @WHMCS Being attacked, we've shut down billing for now, support can be contacted at [email protected]

    I know, I'm Dale Maily.

  • Someone has done it to me, darn.

    The Original Daniel.

  • jarjar Provider
    edited May 2012

    @bijan588 I compressed the directory and deleted it.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • TaylorTaylor Member

    Better pay some invoices before its to late.

    I know, I'm Dale Maily.

  • gsxgsx Member

    @Daniel I agree that Clientexec does miss a lot of plugin support, but we usually deployed accounts manually to review the order. Now we only provide consulting and web design, so only basic invoicing and support is needed.

  • AsadAsad Member

    Looks like they have access back, site shows a maintenance message.

    This site is under maintenance

  • Still loading to ugnazi here, took down our whmcs install ;-)

  • I found out how they were hacked.

    They used social engineering at HostGator to get Matts (from WHMCS) password.

    The Original Daniel.

Sign In or Register to comment.