New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I doubt they use an unencrypted version on their site install. It's probably a production release.
I knew this was gonna happen anytime soon. Ever since last update
Wow this is worrying
Lesson learned. Train your employees in how to detect and prevent social engineering. It is still the largest vulnerability because people simply don't expect it.
>
rucka rucka ali
ruckasworld.com/
Sucks I'm not home, this is going to be interesting.
Wow, kinda wish I would have stuck to the original plan and not went with WHMCS. The backend I am using now was originally supposed to be a WHMCS and SolusVM replacement but I removed all of the billing portion of the code since I didn't have the need to finish it.
The WHMCS forums are online http://forum.whmcs.com/showthread.php?t=47644
@KuJoe , same boat - revisiting that, or at least adding a layer using the API so WHMCS can be kept out of reach
Yeh, When i ment update i ment last hack/vuln
@KuJoe, @unused - unless I'm misinterpreting things, a WHMCS product vulnerability was not exploited in this attack...?
Yeah that's right, it was the hosting account itself from Hostgator which gave them full access to the files and database.
Interesting find on Google: http://pastelol.com/1UJMGR
Uhm, are you sure? Last time I checked UGNazi had nothing to do with Lulzsec whatsoever.
ugnazi.com = down
DERP
UGNazi · http://UGNazi.com"
'Ex-Leader of Lulzsec' is a popular parody that quite a lot of people use since a few attentionwhores (two, to be exact) tried to really pick up that title. It doesn't actually mean anything. There's probably a dozen Twitter accounts claiming the exact same.
PING 176.31.237.84 (176.31.237.84) 56(84) bytes of data.
1 packets transmitted, 0 received, 100% packet loss, time 0ms
Never Ever hack whmcs.com
Bad things will happen...
So, if it was compromised account, what is the point in taking down our WHMCS installations off?
Also, suggest me some pen testing company.. We are about to launch a new website and it wouldnt hurt to pentest the WHMCS as well.
@rds100 Yeah, they've put the licensing script back up. It verifies every license at the moment.
http://www.whmcs.com/members/modules/servers/licensing/verify44.php
So all WHCMS does is calling that PHP script to determine if its a legit install?
http://pastebin.com/kmf5JZkm
Basically, yes.
Get in touch with @vld, his company does this professionally.
lol sounds pretty easy to crack without even nulling anything or so. You could just add 127.0.0.1 www.whmcs.com to your hosts file and put a file with the same content as verify44.php in the /members/modules/servers/licensing/ directory of your webserver
Atomia http://www.atomia.com/
ISP System http://www.ispsystem.com/
look bottom of this screenshot:
http://i.imgur.com/aezT8.png
@papajohns http://Papajohns.com Tango Down! ---> http://i.imgur.com/aezT8.png #UGNazi
@Spirit: whoops, looks like a PMA db dump of WHMCS db
In the mean time should you need to contact us please e-mail us on..
https://secure.vooclients.com/
+1 for VooServers
Please contact the Support...
Due to the provider of our client portal software being compromised, WHMCS, i have temporarily taken it offline to protect customer data.
https://support.syscentral.org/
+1 for syscentral
http://i.imgur.com/HVXwC.png - looks weird.