New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Looking for a VPS company that doesn't use WHMCS
Shane_Elmore
Member
After the WHMCS hacking, I'm a bit reluctant to use a VPS host that uses WHMCS, which is not only probably a bit judgemental, but smart considering what else could be wrong with WHMCS.
So, any VPS hosts that don't use WHMCS?
Comments
Nothing wrong with WHMCS. It wasn't a fault in WHMCS that caused the leak (can't even call it a hack...)
Right. Until the next WHMCS exploit. Now, instead of having time to patch the exploit, you'll be hit before you even know it exists. There are multiple exploit scanners out there now that have the url and IP of every single active WHMCS install in the world. No need to search for them in Google anymore.
Linode do not use WHMCS.
OVH don't use WHMCS
Those kinds of scanners for WHMCS exploits existed some time before the hack of the last few days.
I can't say I know all the details of the WHMCS leak to comment fully, but it doesn't seem likely that you need run from any current providers just because they use WHMCS.
We actually use Ubersmith instead of WHMCS, which would seem to put us very much in the minority here. That said until recently there was no automated integration of Ubersmith with SolusVM, so it had to be scripted oneself rather than the easy integration WHMCS provides.
lol... Have you ever actually downloaded one of the old "all in one" scanners that were out there? They had maybe 200-300 IPs in there, not 67,000 IPs. There's a big difference.
Normally I don't use those scanners @subigo. And yes, 67k IPs in one scanner is quite... shitty.
Well now they have the location of most active WHMCS installations out there, if they find an exploit and want to do it against every installation. It's just gotten a whole lot easier.
It's not difficult to find big companies running WHMCS, 2 minutes on WHT and you can find huge targets.
Wait, he's back? When did he come back?
The WHMCS leak will only affect those with Credit Card Details stored with them and people that use the same password everywhere. We use randomized passwords for every login and we do not store credit card details with them.
Also most hosts only offer PayPal (like us), so even if (unlikely) there was a HUGE WHMCS bug where every single install was vulnerable, as long as you don't share passwords over tickets and you change the default password after receiving your VPS you should not have an issue.
@subigo WHMCS has been working hard for years to provide a secure panel. From what I have seen over the years they have been working the hardest, and they are the ones that get the brunt of the hacking attempts to begin with, so if everyone switches to a competitor of them then they will be the ones getting the attacks (sort of like Mac v. Windows). From what I've seen all that was leaked was Passwords, Credit Cards, a Normal WHMCS install, and their website. Not any more than anyone could have gotten from hacking any website running WHMCS, so I doubt this shows a weakness in their software.
I'm done. lol.
XenVZ
6Sync.com and Alvotech.de come to mind.
+1
So are you going to switch from WHMCS?
https://zensix.com/clients/submitticket.php?step=2&deptid=11
I never said anyone should switch. I just said future exploits will now be able to hit people before WHMCS warns them (not that WHMCS has a good track record of warning people in a timely manner). Personally, I'll probably start working on my own system this weekend, but I don't care what other people do.
See the above post. Yes. It will probably take a few months, but yes.
interserver.net does not use WHMCS, and still falls into the LEB category starting at $6/mo. Linode is another I know of, but not LEB starting at $20/mo.
edis.at was the only other one I knew of, but they actually switched over to WHMCS recently.
6sync uses WHMCS for their billing/ticket backend - https://secure.6sync.com/portal/?licensedebug
WHMCS (The system) was not hacked.
I don't see the problem as of yet. I WILL be moving from WHMCS, but I am not in a hurry.
Truthfully, I don't give a crap. They can't leak anything more than what the official one did. Used PayPal too, so sure, fine by me.
Rule of thumb for me in hosting: never use your cc for it.
There's a reason that I removed all stored CCs and put an end to automated payments a couple years back.
WHMCS is great software, it's still safe. 90% of the hosts are still using WHMCS.
Hetzner does not use WHMCS.
HostBluff does not use WHMCS, you have to mail in your payments.
For all the talk of exploit scanners, I'm imagining that you can move your license between IPs, or reissue it?
So all a host need do is change the IP of their WHMCS instance to avoid being in the list of 67k addresses referred to.
I've not looked at the exploit scanners, but anyone who has, are they by IP or URL? I tend to think by URL, and if true, you would need to change the location, not IP of your install to elude the scanners.
Some are URL, some are IP from the listings I've seen. I imagine it has to do with the state of things at the time you activated the license to the current IP/URL. But even then it was IP/subfolder or something, so URL still related. I guess a lot depends on what table they're running it off of.
That would make sense and ofc be more of a problem. Haven't looked at the leak myself, just the fact that above was referring to IPs rather than hosts.
They're by IP and sub-directory, so there's a row in the table for the IP, and another for the subdirectory. So if you move your install to another subdirectory and/or to another server altogether with a different subdirectory, whoever scans you will get a 404.
I just moved my install to a different subdirectory and had the license reissued...
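
Added example, not part of any post in this thread: after moving an install to a new subdirectory as described above, a host can audit its web access log to confirm the old path answers only 404/410 and to see which clients are still probing it. The old path `/billing/`, the log lines and the addresses are constructed for illustration; the log is assumed to be in Combined Log Format.

```python
import re
from collections import Counter

# Assumption: hypothetical subdirectory the billing install lived in before the move.
OLD_PREFIX = "/billing/"

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation-range addresses, made-up timestamps).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "GET /billing/ HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [01/Jan/2024:10:01:03 +0000] "GET /billing/index.php HTTP/1.1" 404 162 "-" "-"
198.51.100.23 - - [01/Jan/2024:10:05:40 +0000] "GET /billing/ HTTP/1.1" 301 185 "-" "-"
192.0.2.50 - - [01/Jan/2024:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
198.51.100.99 - - [01/Jan/2024:10:07:11 +0000] "GET /billing/ HTTP/1.1" 404 162 "-" "-"
this line is malformed and must be skipped
"""

def audit_old_path(log_text, old_prefix=OLD_PREFIX):
    """Return (probes, leaks) for requests under the retired path.

    probes: Counter of client IP -> number of 404/410 answers (the move worked).
    leaks:  list of (ip, path, status) where the old path still answered with
            something else, e.g. a leftover redirect that points a scanner
            straight at the new location.
    """
    probes = Counter()
    leaks = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(old_prefix):
            continue  # unparsable line or unrelated request
        status = int(m["status"])
        if status in (404, 410):
            probes[m["ip"]] += 1
        else:
            leaks.append((m["ip"], m["path"], status))
    return probes, leaks

if __name__ == "__main__":
    probes, leaks = audit_old_path(SAMPLE_LOG)
    for ip, hits in probes.most_common():
        print(f"probe  {ip}  {hits} request(s) to retired path")
    for ip, path, status in leaks:
        print(f"LEAK   {ip}  {path} answered {status}, old path is still live")
```

Any entry in `leaks` means the move is incomplete: a 301 left on the old path hands the new location to whoever requests it.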