WHMCS Hacked - Page 10

Comments

  • @rds100 said: @liam well, he has to host it somewhere after all.

    You're a company with a revenue of over $1,000,000 and you use shared hosting?

  • rds100 Member

    @Daniel i think it was their own dedi, not a shared hosting account.

  • @rds100 said: @Daniel i think it was their own dedi, not a shared hosting account.

    Ah right, but still use HostGator?

    I just looked at the WHMCS News Feed, ouch. http://dl.dropbox.com/u/2734617/Screenshots/k0ys2_mzkhxk.png

  • rds100 Member
    edited May 2012

    I have no experience with HostGator, can't comment. At least they didn't use GoDaddy :)

  • @liam said: Still a lot!

    It is, considering it's only been 5 months of the year.

  • laaev Member

    He also did tell me there were 15-20 staff member accounts, so you have to remember Matt had quite a few employees he had to pay as well.

    But from the info my source has given me WHMCS seems like a very profitable business, why they did not hire a dedicated abuse/security team is beyond me.

  • WHMCS Not Fully hacked - Someone tried to.. But they restored it.. FAST.

    ---------------- WHMCS Send Mail to Us--------------------------
    Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.

    To clarify, this was no hack of the WHMCS software itself, nor a hack of our server. It was through social engineering that the login details were obtained.

    As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately.
    Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.

    This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.

    We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.


    WHMCS Limited

    www.whmcs.com

    But this is fascinating !!! God Bless America there is a site name HostGator - That's why we saved. No Credit Card details of ours not in Risk. :)

  • laaev Member
    edited May 2012

    @iwebhostu said: But this is fascinating !!! God Bless America there is a site name HostGator - That's why we saved. No Credit Card details of ours not in Risk. :)

    Wrong, client's WHMCS installs are not affected, but those who paid whmcs.com directly with their CC are indeed affected. Their CC details are all over the internet now in a simple database download.

    People on WHT have already claimed to have decoded it and gotten the full CC details already.

    IF you paid WHMCS.com directly with CC destroy it immediately and get it replaced!

  • @iwebhostu said: But this is fascinating !!! God Bless America there is a site name HostGator - That's why we saved. No Credit Card details of ours not in Risk. :)

    All this is HostGator's fault.

  • laaev Member

    @Daniel said: All this is HostGator's fault.

    I read somewhere on WHT that someone had access to Matt's email to get the authentication info for HostGator...

    So isn't this Matt's fault to begin with for not having cphulk and having insecure webmail password?

  • MrAndroid Member
    edited May 2012

    @FTN_Kevin said: I read somewhere on WHT that someone had access to Matt's email to get the authentication info for HostGator...

    I heard somewhere that they pretended to be Matt, and then HostGator gave them the password, and Matt used it on other sites (including his gmail)

    So I guess it's partly HostGator's fault and WHMCS's for using HostGator and using same password everywhere.

  • @FTN_Kevin said: client's WHMCS installs are not affected, but those who paid whmcs.com directly with their CC are indeed affected. Their CC details are all over the internet now in a simple database download.

    People on WHT have already claimed to have decoded it and gotten the full CC details already.

    IF you paid WHMCS.com directly with CC destroy it immediately and get it replaced!

    I said the same thing.. guess people who use HostGator servers for WHMCS Billing are perfectly ok.. LOL! Thinking about HostGator... Do they pay WHMCS by CC?

  • laaev Member
    edited May 2012

    @iwebhostu said: Thinking about HostGator... Do they pay WHMCS by CC?

    For WHMCS paying HG, according to Subdigo's post here of the chat transcript they paid via CC, not sure about HG > WHMCS though: http://www.lowendtalk.com/discussion/comment/66372#Comment_66372

  • laaev Member
    edited May 2012

    @Daniel said: I heard somewhere that they pretended to be Matt, and then HostGator gave them the password, and Matt used it on other sites (including his gmail) So I guess it's partly HostGator's fault and WHMCS's for using HostGator and using same password everywhere.

    So did the hacker first get into his [email protected] email then contact HG, or got the password from HG and got access from there?

    People on WHT are claiming they got in his email in order to find his authentication info (last 4 digits of CC).

    I know when we were a Hostgator client they were very strict about requesting info for verification, like last 4 digits of cc, last transaction number, etc.

  • @FTN_Kevin said: So did the hacker first get into his [email protected] email then contact HG, or got the password from HG and got access from there?

    Not sure.

  • I know HG > WHMCS because there is not HG alone paying to WHMCS.. There is another company named H9 (hostnine.com) - They provide same services like HG on WHMCS.. Means H9 > WHMCS too..

  • @rds100 said: @Daniel i think it was their own dedi, not a shared hosting account.

    If it was truly their own dedicated server then HostGator wouldn't have any authentication info for it. At that point all HostGator can do is powercycle the server aside from maybe hooking up a remote KVM they can use (which at that point it's trivial to reset a password in Linux)

    My guess is it's a managed dedicated server where hostgator does have all the login info and can login to setup things (or access login info in this case).

  • @rds100 said: I have no experience with HostGator, can't comment. At least they didn't use GoDaddy :)

    GoDaddy even stores server passwords in plain text too :(

  • subigo Member

    @FTN_Kevin said: A close friend/source of mine actually restored the db on localhost and shown me the following:

    This Month: $240,640.43 USD This Year: $1,660,666.28 USD

    And he told me that WHMCS made nearly $10,000 the day they got hacked.

    From what I can tell, that's from their direct clients and does not include income from their resellers (Licensepal, etc). And even if that was all they made, they're still on track to make around $310k this month.

    And they've had a total of ten employees working for them since the start and only four of them seem to still be working and/or have active accounts (based on email accounts). Not that any of that matters. The main thing is that they make a shit ton of money and the entire company could have been managed a hell of a lot better.

  • rds100 Member

    @vrillusions managed dedicated server, hostgator manages it for them so they have the root.

  • laaev Member

    @subigo said: The main thing is that they make a shit ton of money and the entire company could have been managed a hell of a lot better.

    I agree, even if they are only making half of what they are making now they should still be able to afford at least a part time security firm and maybe more staff to offer faster resolution times.

    It seems like Ubersmith is the only billing system to offer fast support and phone support as well, however with their pricing structure it's definitely expected.

  • klikli Member

    It's mad that they don't even have SPF in place. :/

  • Asim Member

    SPF = Sender Policy Framework? or something else?

  • @Asim said: SPF = Sender Policy Framework? or something else?

    correct.

  • AlexBarakov Patron Provider, Veteran

    I finally received the email, 24 hours after the things got leaked... To notify me that my CC might be compromised. Good thing I pay with paypal.

  • Aldryic Member

    @miTgiB said: You do realize you already resell VPS, right?

    Negative sir. We own the hardware, not resell from some other company. You can't really claim that we're just reselling EGI services <_<;

    @FTN_Kevin said: But from the info my source has given me WHMCS seems like a very profitable business, why they did not hire a dedicated abuse/security team is beyond me.

    The sad part is, they were in the process of doing so. Granted, primarily for pentesting the actual software, but that's a step in the right direction.

    Thanked by 1Mon5t3r
  • rds100 Member

    Someone please remind me what happened in December?

  • miTgiB Member

    @Aldryic said: Negative sir. We own the hardware, not resell from some other company.

    Way to defuse my joke :P Let me approach it this way then, I also buy hardware and domain names and software and resell those to my customers :P

    Thanked by 1Mon5t3r
  • HC_Ro Member

    @rds100 said: Someone please remind me what happened in December?

    It was like end of November. A lot of hosts were compromised due to the ability to upload a php shell.

    There's still people coming into WHT and complaining that they got hacked from that (due to not patching).

    Thanked by 1rds100
  • Aldryic Member

    @miTgiB said: Way to defuse my joke :P

    You didn't think I'd make it easy, did you? XD
