WHMCS Hacked - Page 9

Comments

  • miTgiBmiTgiB Member

    @FRCorey said: Why are you people doing monthly licenses of anything?

    How much do you pay for updates/support on an owned license? I have a reseller account with 10 keys for $75/mo (Hey, the db is out there, I can't hide that anymore) but I recall the yearly maint fee on an owned key is higher.

  • AldryicAldryic Member

    @miTgiB said: but I recall the yearly maint fee on an owned key is higher.

    Higher than 75$/mo? O_o I think you're mixing your numbers somewhere :P

  • miTgiBmiTgiB Member

    @Aldryic said: Higher than 75$/mo?

    No, higher than the $7.50 I pay, the other 9 keys I resell :P

  • AldryicAldryic Member

    Aaah :P It's about the same actually, after the one-off. We'd just much rather not deal with reselling, etc. WAAAAAAAAAAAY too much headache.

  • DanielMDanielM Member

    I wonder if Matt has contacted the ICO yet.

  • miTgiBmiTgiB Member

    @Aldryic said: We'd just much rather not deal with reselling,

    You do realize you already resell VPS, right?

  • Finally, some real drama.
    Shame on WHMCS, and I was just about to consider purchasing a license with them too. Now that I know they make 530 grand and don't even encrypt well enough, heh, that's like giving JCPenney a WEP password on their Wi-Fi and someone eventually hacking it.

  • Awmusic12635Awmusic12635 Member, Host Rep
    edited May 2012

    Just saw this on WHT: http://www.webhostingtalk.com/showpost.php?p=8139332&postcount=543

    Can anyone confirm that it has the tag?

  • I still have not received an email. Was I chosen for something?

  • qpsqps Member, Host Rep
    edited May 2012

    @Fliphost said: Can anyone confirm that it has the tag?

    It doesn't appear to have any kind of tag that I can see in the email we just received ~20 minutes ago... unless they received a different e-mail than we did.

  • Awmusic12635Awmusic12635 Member, Host Rep

    @qps from what I saw in the WHT thread, it seemed like the people there got different emails with slight modifications between them

  • Can anyone confirm anything within the header of the email?

  • qpsqps Member, Host Rep

    @Fliphost - This is the message we received:

    Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.

    To clarify, this was no hack of the WHMCS software itself, nor a hack of our server. It was through social engineering that the login details were obtained.

    As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately.

    Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.

    This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.

    We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.

    WHMCS Limited
    www.whmcs.com

  • miTgiBmiTgiB Member

    @pioneernetworks said: Can anyone confirm anything within the header of the email?

    Return-path: 
    Envelope-to: [email protected]
    Delivery-date: Mon, 21 May 2012 21:59:56 -0400
    Received: from 50.97.96.24-static.reverse.softlayer.com ([50.97.96.24]:54816 helo=whmcs.whmcs.com)
        by alpha.hostigation.com with esmtps (TLSv1:AES256-SHA:256)
        (Exim 4.77)
        (envelope-from )
        id 1SWeOC-0003uA-Hj
        for [email protected]; Mon, 21 May 2012 21:59:56 -0400
    Received: from whmcscom by whmcs.whmcs.com with local (Exim 4.77)
        (envelope-from )
        id 1SWeNL-0007s7-Gj
        for [email protected]; Tue, 22 May 2012 02:59:03 +0100
    To: Tim Flavin 
    Subject: Urgent Security Alert - Please Do Not Ignore
    Date: Tue, 22 May 2012 02:59:03 +0100
    From: WHMCS 
    Message-ID: <[email protected]>
    X-Priority: 3
    X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
    MIME-Version: 1.0
    Content-Transfer-Encoding: 8bit
    Content-Type: text/plain; charset="utf-8"
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - whmcs.whmcs.com
    X-AntiAbuse: Original Domain - bigtim.net
    X-AntiAbuse: Originator/Caller UID/GID - [508 506] / [47 12]
    X-AntiAbuse: Sender Address Domain - whmcs.whmcs.com
  • qpsqps Member, Host Rep

    @pioneernetworks said: Can anyone confirm anything within the header of the email?

    The header looks pretty normal to me, but is slightly different in one regard:

    Here's how it looked on 22 April 2012:

    Received: from 50.97.96.24-static.reverse.softlayer.com ([50.97.96.24] helo=whmcs.whmcs.com)

    Here's how it looked in the message just received on 21 May 2012:

    Received: from 50.97.96.24-static.reverse.softlayer.com ([50.97.96.24]:46598 helo=whmcs.whmcs.com)
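
The header comparison made in the posts above, as an added example that is not part of the original thread: it parses the two quoted Exim-style `Received:` lines and reports which fields differ. The function names and the `FORGED` sample line are constructed for illustration, and treating the number after `]:` as a per-connection source port is an assumption.

```python
import re

# Exim-style "Received: from <rdns> ([<ip>]:<port> helo=<name>)" as quoted in the thread.
# The ":<port>" part is optional; it is absent in the April header.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<rdns>\S+)\s+"
    r"\(\[(?P<ip>[0-9A-Fa-f.:]+)\](?::(?P<port>\d+))?"
    r"(?:\s+helo=(?P<helo>[^\s)]+))?\)"
)

# Fields that identify the sending relay. The port is left out on the
# assumption that it is the per-connection TCP source port.
IDENTITY_FIELDS = ("rdns", "ip", "helo")


def parse_received(line):
    """Return the relay fields of one Received line, or None if it does not match."""
    m = RECEIVED_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    if fields["port"] is not None:
        fields["port"] = int(fields["port"])
    return fields


def compare_relays(baseline_line, suspect_line):
    """Compare two Received lines; return (same_relay, {field: (old, new)})."""
    base, new = parse_received(baseline_line), parse_received(suspect_line)
    if base is None or new is None:
        raise ValueError("unparseable Received header")
    diffs = {k: (base[k], new[k]) for k in base if base[k] != new[k]}
    same_relay = not any(k in diffs for k in IDENTITY_FIELDS)
    return same_relay, diffs


# The two lines quoted in the thread (22 April and 21 May 2012).
APRIL = "Received: from 50.97.96.24-static.reverse.softlayer.com ([50.97.96.24] helo=whmcs.whmcs.com)"
MAY = "Received: from 50.97.96.24-static.reverse.softlayer.com ([50.97.96.24]:46598 helo=whmcs.whmcs.com)"
# Constructed line (not from the thread): same HELO claimed from a documentation-range IP.
FORGED = "Received: from mail.example.net ([203.0.113.7]:2525 helo=whmcs.whmcs.com)"

if __name__ == "__main__":
    for label, line in (("21 May", MAY), ("constructed", FORGED)):
        same, diffs = compare_relays(APRIL, line)
        print(label, "same relay:", same, "differences:", diffs)
```

Only the `Received:` line written by the recipient's own mail server is reliable input for this comparison; lines below it are supplied by the sending side.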

  • Ya, though looks like HostGator IP blocks

  • I just received the email.

    Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.

    To clarify, this was no hack of the WHMCS software itself, nor a hack of our server. It was through social engineering that the login details were obtained.

    As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately.

    Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.

    This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.

    We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.

    WHMCS Limited
    www.whmcs.com

    Thanked by 1Asim
  • subigosubigo Member

    It's fun seeing how many hosts/people on this forum have had takedown notices sent to them from WHMCS over the years for trying to use nulled versions. I won't name any names, but keep that in mind next time any of you think you're badass, because there's a lot of you.

    Thanked by 1marrco
  • FRCoreyFRCorey Member

    I have not gotten any email yet, but I've seen one email that says CC details have been leaked and another that does not mention it.

  • subigosubigo Member

    @FRCorey said: I have not gotten any email yet, but I've seen one email that says CC details have been leaked and another that does not mention it.

    I just got the email about five minutes ago.

  • SpencerSpencer Member

    @subigo said: It's fun seeing how many hosts/people on this forum have had takedown notices sent to them from WHMCS over the years for trying to use nulled versions. I won't name any names, but keep that in mind next time any of you think you're badass, because there's a lot of you.

    HAHAHAHA that is right. You can now see who has used nulled WHMCS in the past. In the database is there a table of nulled hosts?

  • subigosubigo Member

    @PytoHost said: HAHAHAHA that is right. You can now see who has used nulled WHMCS in the past. In the database is there a table of nulled hosts?

    There are a few different places to find the information, but "mod_takedownnotices" is the easiest place to look.

  • @liam said: They've really messed up. He's making $500k and using hostgator, wtf?

    I thought the same thing, why use HostGator?

  • rds100rds100 Member

    @liam well, he has to host it somewhere after all.

  • FRCoreyFRCorey Member

    I'm sure they're making over 500k; that was just an estimate based on if everyone was leasing this for 8 dollars a month.

  • subigosubigo Member

    @FRCorey said: I'm sure they're making over 500k; that was just an estimate based on if everyone was leasing this for 8 dollars a month.

    Right, I did the math and that was the low estimate. They're most likely making something in the range of $700k/month.

  • rds100rds100 Member
    edited May 2012

    Anyway, screw WHMCS. I am watching SpaceX's launch attempt now - should happen after 4 minutes. Let's hope they get it right this time :)

  • AsimAsim Member

    So, did the database of WHMCS make it online?

  • laaevlaaev Member
    edited May 2012

    @subigo said: Right, I did the math and that was the low estimate. They're most likely making something in the range of $700k/month.

    A close friend/source of mine actually restored the db on localhost and showed me the following:

    This Month: $240,640.43 USD This Year: $1,660,666.28 USD

    And he told me that WHMCS made nearly $10,000 the day they got hacked.

    Thanked by 1Asim
  • @Asim said: So, did the database of WHMCS make it online?

    Pretty much WHMCS's entire cPanel account made it online.
