I don't know but wanted to make it clear anyway. ^_^
I assumed it was "we haven't got our forum under control yet so we threw up an .htaccess until we figure out how we were hacked".
I pondered on that, but considering the domain itself is still forwarding to ugnazi (for me at least) I figured it was another shady ploy.
I thought they had whmcs.com back. It looks normal to me, though of course it could be a rip.
However, if memory serves, "websitewelcome.com" is one of Hostgator's operations.
Hmm, guess I need to flush then :P
@raindog308 They moved from HostGator to HostGator, they do know a lot about security.
I don't think HG really did anything wrong in this instance. The attacker apparently had Matt's email/pass plus other personal info.
Nah, Matt said they gained access to his email after they had got into his HG account, so it's HG's fault.
I thought he said the other way around? Either way, there's enough blame to go around on this one. After getting into the server and showing us all how well secured it was, and constantly putting the same stupid backups up, there's enough blame to put on Matt either way.
From WHMCS Blog "Further investigations have shown that the social engineering attack did not involve the compromising of any email account. This was only done after access to the server had been gained."
I'd love to hear HG's side of it in that case.
I've been able to reconstruct the live help conversation.
Hello,
I recently downloaded the leaked database to check whether the hosts I currently use are "compromised". Because whmcs.ugnazi.com is not online anymore, I downloaded the files from a quite strange mirror, but I can't verify it's trustworthy.
It contains only 3 SQL dumps with about 800MB in total. The cPanel files are not included. Is anyone who downloaded the original files able to verify the MD5 sums of the following files?
whmcscom_survey.sql - MD5: 659f3a3f6dc21e571142587a85f29827
whmcscom_sitecms.sql - MD5: fbca51d9680af1b7d3b3c7e2d98417f3
whmcscom_clients.sql - MD5: d0eda63a9eea61ce732639f894de5d87
Thanks in advance!
HerrMaulwurf
MD5 (whmcscom_clients.sql) = d0eda63a9eea61ce732639f894de5d87
Anybody have any pictures of the hack today so I can update http://www.haswhmcsbeenhackedtoday.com/
HG cares about everyone's security the same. Most of the techs wouldn't know if a company's big or small (other than ones they're familiar with).
They were using a dedicated server (from HG). Or at least a VPS.
Do they even salt it? If not, rainbow table time...
Also, websitewelcome = HostGator "reseller plan" servers.
I don't think they were.
Even if they were, the configuration files have been leaked so got the salt.
http://i.imgur.com/0LRQL.jpg
Admins' hashes were md5'd without salt, took 2 hours to crack 3/20. User passwords are salted.
Yeah, but if they're unsalted you don't even have to generate a table, just use one that's out there. If they're salted you have to make a new table for that salt, which isn't a problem, just an inconvenience.
Thanks for that. It is now updated woot woot
Actually GPU cracking has made rainbow tables more or less superfluous. Even with my fairly old Nvidia GTS 250 it takes only 2 hours to go through the entire loweralpha-numeric 1-8 keyspace (md5)
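An added example (not part of any post in this thread) for the defender's side of the salting discussion above: unsalted MD5 gives every account with the same password the same digest, while a per-user salt with a slow KDF does not, and legacy rows can be upgraded at the next successful login. PBKDF2-HMAC-SHA256, the iteration count, the storage format and all function names are assumptions chosen for illustration, not WHMCS code.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware
LEGACY_MD5 = re.compile(r"[0-9a-f]{32}")  # bare 32-hex digest = unsalted MD5 row

def legacy_md5(password: str) -> str:
    """Unsalted MD5, the scheme the thread reports for the admin hashes."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password: str) -> str:
    """Random per-user salt plus a slow KDF, stored as scheme$iters$salt$digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Check a password against either storage format, comparing in constant time."""
    if LEGACY_MD5.fullmatch(stored):
        return hmac.compare_digest(legacy_md5(password), stored)
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(parts[2]), int(parts[1]))
    return hmac.compare_digest(dk.hex(), parts[3])

def needs_rehash(stored: str) -> bool:
    """True for legacy MD5 rows and for rows below the current work factor."""
    if LEGACY_MD5.fullmatch(stored):
        return True
    parts = stored.split("$")
    return len(parts) != 4 or int(parts[1]) < ITERATIONS

def login(password: str, stored: str):
    """Return (ok, value_to_store): legacy rows are upgraded on a good login."""
    if not verify_password(password, stored):
        return False, stored
    return True, (hash_password(password) if needs_rehash(stored) else stored)

if __name__ == "__main__":
    # Constructed sample: two accounts that share one password.
    print("unsalted digests equal:", legacy_md5("password") == legacy_md5("password"))
    print("salted digests equal:  ", hash_password("password") == hash_password("password"))
    ok, upgraded = login("password", legacy_md5("password"))
    print("legacy row upgraded:   ", ok, upgraded.split("$")[0])
```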
I like how WHT closed the WHMCS thread and told people to just read the WHMCS blog for updates... which has been hacked twice today already.
WHMCS hacked today twice? Wow
This isn't even funny any more. I think WHMCS should just move their blog to wordpress.com and let someone else take care of securing and maintaining it.
@rds100 They'd probably use the same password.
Hopefully a security update for WHMCS will appear soon, $6,000 will buy you a new 0day exploit.
http://krebsonsecurity.com/2012/05/whmcs-breach-may-be-only-tip-of-the-trouble/
Sounds like a good investment for a criminal - buy that exploit, write some script, own 100k WHMCS installations.
@onepound - This 0day is old. A Saudi hacker has used an SQL 0day for months. There is one for SolusVM for no-money VPS, delete VPS, suspend VPS.