Comments
I'm telling you guys... if anyone has a 0day in their pocket, it's coming soon and you probably won't hear about it for weeks/months.
I doubt there will be anything big and groundbreaking. The PHP code has always been available if you decrypted the ioncube.
This probably did put a bigger target on their heads though, at least for a while. Wannabe hackers who previously didn't know much about WHMCS probably have it on their radar now. I'm not really sure what is to come, but I'd say everyone using it needs to keep a close eye on how things develop over the next month or two.
No it hasn't. At best, you can get about 80% of the code. I have the best decoders and run each new release through it. You show me 100% code and I'll send you $1,000.
After fixing it all after decoding, I'd want more than that.
Considering how fast, and for how much more, it'd be resold on skid forums after that deal I can't blame ya.
That goes for md5, but not for a decent hashing algo.
NVM I never looked at nulled WHMCS and I guess they are still ioncube encrypted for the most part.
Which is smart, because I could turn around and sell it for $5,000 an hour later.
Yeah but all the WHMCS passwords are hashed with md5 so it's cheaper to just bruteforce them. Also what would you consider a decent hashing algo?
I had the simple idea of a .htaccess on the admin folder, shot off a quick ticket to WHMCS and got a really nice response from Matt directing me at http://docs.whmcs.com/Further_Security_Steps
I almost have mine finished being set up, where you can only get into the admin folder if you're in our company VPN.
@HerrMaulwurf I believe all of those are correct. They're the same as my hashes anyway from the original source.
Looks like they have been hacked a third time!!
http://www.hacker.ps/Mirror/60428?iframe=true&width=100%&height=100%
demo.whmcs.com hacked and rooted ( kernel 2010 )!! WTV!!
Nice. Love that default-install MSK timezone.
Unfreakinbelievable. What a bunch of noobs.
And what exactly is that going to protect you from when the next exploit comes out that can run admin functions from any public WHMCS page?
touch .htaccess xD
I'm not here chicken littling this stuff, what is your useful contribution?
Can someone please update me with the events in the past 36 hours, as WHT has closed the thread I have not been keeping up to date with WHMCS news.
They got hacked twice more, forums yesterday (still offline) and their demo was hacked earlier today (few posts up).
You can view the current issue here: http://www.haswhmcsbeenhackedtoday.com/
So, apparently this is the loser who has hacked WHMCS:
Joshua Isabella Mendez a.k.a. "UGNazi" aka JoshTheGod.
http://www.myspace.com/dancingsantajosh
Sketchy.
The more I look at his pics, the more I realize how much of a little dumbass punk this kid is.
Time to register the domain joshuaisabella.com haha or ugnazipwnd.com :P
He is going to make a fine prison bitch
What I don't get is... so many cc's were leaked, yet he's still actively tweeting on Twitter (@JoshTheGod). Why is he not arrested yet?
BTW I'm only 20 miles away from him
@miTgiB I hope this kid goes to jail, if not, then this country is pretty screwed up.