Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WHMCS Hacked - Page 3
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WHMCS Hacked

1356724

Comments

  • AsadAsad Member

    @Daniel said: They probably have the WHMCS source now

    I doubt they use an unencrypted version on their site install. It's probably a production release.

  • DanielMDanielM Member

    @Jack said: LUL all i can say

    I knew this was gonna happen anytime soon. Ever since last update

  • jhjh Member

    Wow this is worrying :/

  • gsxgsx Member
    edited May 2012

    Lesson learned. Train your employees in how to detect and prevent social engineering. It is still the largest vulnerability because people simply don't expect it.

    Thanked by 1djvdorp
  • TaylorTaylor Member

    @Spirit said: Who's peformer of the catchy music in the background of those hackers page?

    >

    rucka rucka ali

    ruckasworld.com/

    Thanked by 1Spirit
  • Sucks I'm not home, this is going to be interesting.

  • KuJoeKuJoe Member, Host Rep

    Wow, kinda wish I would have stuck to the original plan and not went with WHMCS. The backend I am using now was originally supposed to be a WHMCS and SolusVM replacement but I removed all of the billing portion of the code since I didn't have the need to finish it. :(

  • MrAndroidMrAndroid Member
    edited May 2012

    The WHMCS forums are online http://forum.whmcs.com/showthread.php?t=47644

  • unusedunused Member

    @KuJoe , same boat - revisiting that, or at least adding a layer using the API so WHMCS can be kept out of reach

  • DanielMDanielM Member
    edited May 2012

    @Jack said: What the 1st December hack? update or ?

    Yeh, When i ment update i ment last hack/vuln

  • raindog308raindog308 Administrator, Veteran

    @KuJoe, @unused - unless I'm misinterpreting things, a WHMCS product vulnerability was not exploited in this attack...?

  • AsadAsad Member

    @raindog308 said: unless I'm misinterpreting things, a WHMCS product vulnerability was not exploited in this attack...?

    Yeah that's right, it was the hosting account itself from Hostgator which gave them full access to the files and database.

  • AldryicAldryic Member

    Interesting find on Google: http://pastelol.com/1UJMGR

  • joepie91joepie91 Member, Patron Provider

    @Daniel said: They were hacked by the "Ex-Leader of Lulzsec".

    Ouch.

    Uhm, are you sure? Last time I checked UGNazi had nothing to do with Lulzsec whatsoever.

  • BlazeMuisBlazeMuis Member
    edited May 2012

    ugnazi.com = down

    DERP

    image

  • joepie91joepie91 Member, Patron Provider

    @Jack said: http://twitter.com/#!/JoshTheGod

    "Boss's of UgNazi [email protected] Ex - Leader of Lulzsec

    UGNazi · http://UGNazi.com"

    'Ex-Leader of Lulzsec' is a popular parody that quite a lot of people use since a few attentionwhores (two, to be exact) tried to really pick up that title. It doesn't actually mean anything. There's probably a dozen Twitter accounts claiming the exact same.

  • @Jack said: root@local [~]# ping 176.31.237.84

    PING 176.31.237.84 (176.31.237.84) 56(84) bytes of data.

    --- 176.31.237.84 ping statistics ---

    1 packets transmitted, 0 received, 100% packet loss, time 0ms

    root@local [~]#

    It's not the best idea for "UGNAZI" to host on OVH as I'm sure WHMCS and Solus have close relations and I know Solus has many test nodes in OVH.

    Never Ever hack whmcs.com
    Bad things will happen...

  • rds100rds100 Member

    UPDATE 18:09 The license checking server is now back online and providing valid license responses. So if you were experiencing licensing errors before, these should now be resolved. Our website and ticket desk should be back online within the next 30-60 minutes.

  • AlexBarakovAlexBarakov Patron Provider, Veteran

    So, if it was compromised account, what is the point in taking down our WHMCS installations off?

    Also, suggest me some pen testing company.. We are about to launch a new website and it wouldnt hurt to pentest the WHMCS as well.

  • AsadAsad Member

    @rds100 Yeah, they've put the licensing script back up. It verifies every license at the moment.

    http://www.whmcs.com/members/modules/servers/licensing/verify44.php

  • @AsadHaider said: @rds100 Yeah, they've put the licensing script back up. It verifies every license at the moment.

    So all WHCMS does is calling that PHP script to determine if its a legit install?

  • @gsrdgrdghd said: So all WHCMS does is calling that PHP script to determine if its a legit install?

    http://pastebin.com/kmf5JZkm

    Thanked by 1djvdorp
  • WilliamWilliam Member

    @gsrdgrdghd said: So all WHCMS does is calling that PHP script to determine if its a legit install?

    Basically, yes.

  • AldryicAldryic Member

    @LiquidHost said: Also, suggest me some pen testing company.. We are about to launch a new website and it wouldnt hurt to pentest the WHMCS as well.

    Get in touch with @vld, his company does this professionally.

    Thanked by 1[Deleted User]
  • lol sounds pretty easy to crack without even nulling anything or so. You could just add 127.0.0.1 www.whmcs.com to your hosts file and put a file with the same content as verify44.php in the /members/modules/servers/licensing/ directory of your webserver

  • SpiritSpirit Member

    look bottom of this screenshot:

    http://i.imgur.com/aezT8.png
    @papajohns http://Papajohns.com Tango Down! ---> http://i.imgur.com/aezT8.png #UGNazi

  • djvdorpdjvdorp Member
    edited May 2012

    @Spirit: whoops, looks like a PMA db dump of WHMCS db :(

  • SpiritSpirit Member
    edited May 2012

    Due to the provider of our client portal software being compromised we have temporarily taken it offline to protect customer data. Once more information has been supplied by the developers and we can be sure data is secure we will restore access to the portal.

    In the mean time should you need to contact us please e-mail us on..

    https://secure.vooclients.com/
    +1 for VooServers

    Billing System is in Maintance Mode !

    Please contact the Support...
    Due to the provider of our client portal software being compromised, WHMCS, i have temporarily taken it offline to protect customer data.

    https://support.syscentral.org/
    +1 for syscentral

  • AlexBarakovAlexBarakov Patron Provider, Veteran
Sign In or Register to comment.