WHMCS.com Hacked?


I don't doubt the hack's valid; however, I find it suspect that the next target was "papajohns". Seems more like a scare tactic than anything else.

 

On my own personal note, however, I am very disappointed in the poor security practices of WHMCS. For example, some of the posts were blaming HG for the link. Now, while that is possible, why is he using an email account that he uses for everything for a secure system like that?

 

That's like using your public email for your bank account. What do you think happens when you hit "forgot my password"?

 

On top of that, to ignore usual security flaws in a server is just stupid. Assuming they never bothered, WHMCS could have asked the HG Security team for advice.

 

Sorry, I just hate it when people blame others for their mistakes. Grow up, take responsibility and resolve it. We can forgive a mistake as long as it doesn't happen again. And if you need help, ask; you have a huge community of people, some of whom have college degrees and hundreds of years (plus/minus a few years of exaggeration) of security training and experience.


That doesn't add any legitimacy, as it's the same image link posted to the same Twitter. I'm not saying it's nothing to be concerned about, but it's not really proof.

 

My AV complained and wouldn't load it at all, not even the favicon. >hugs ESET<

 

 

Yeah, I used to use NOD years back; now, though, I'm Linux-based and I don't know if they flavour to Linux.

 

It was good though.

 

Good news that the hosts shut that site down. Although I suspect they did all they needed with it.


I don't doubt the hack's valid; however, I find it suspect that the next target was "papajohns". Seems more like a scare tactic than anything else.

 

On my own personal note, however, I am very disappointed in the poor security practices of WHMCS. For example, some of the posts were blaming HG for the link. Now, while that is possible, why is he using an email account that he uses for everything for a secure system like that?

 

That's like using your public email for your bank account. What do you think happens when you hit "forgot my password"?

 

On top of that, to ignore usual security flaws in a server is just stupid. Assuming they never bothered, WHMCS could have asked the HG Security team for advice.

 

Sorry, I just hate it when people blame others for their mistakes. Grow up, take responsibility and resolve it. We can forgive a mistake as long as it doesn't happen again. And if you need help, ask; you have a huge community of people, some of whom have college degrees and hundreds of years (plus/minus a few years of exaggeration) of security training and experience.

 

 

 

I wouldn't doubt it. I have seen first hand the information they pulled out of my own WHMCS installation; believe me, it's scary as hell. You really do not want this to be a legit attack, but it's entirely likely.


Where does this fly in from?

 

I was looking at the Twitter tweets and accounts used by them saying WHMCS and all the other sites got hacked / DDoS'ed, and their Twitter accounts seem to lead to a website, but upon viewing the website you get a Cloudflare error.


Guys, at the end of the day they almost certainly DID get the database during this hack. Of course we need to wait for more official news to flow in, but for now we need to give Matt and his team time to piece it all together. No point discussing if/but/why/when - they probably got all the data already discussed, so you may as well be focusing on your own stuff for now until we hear more from Matt.


I don't doubt the hack's valid; however, I find it suspect that the next target was "papajohns". Seems more like a scare tactic than anything else.

Just because the URL says papajohns doesn't mean they wanted to hack it. Maybe they wanted some pizza to co-ordinate their hackfest ;)

Since we know they already got access to the server, it's pretty safe to assume those database downloads are in their possession.


And this is exactly why only a complete idiot would store client card details in their own database. And why the first thing I did when setting up WHMCS was to write my own payment module that didn't store clients' card details, even though WHMCS made this extremely difficult to do at first and actually cited PCI compliance as a reason not to open up more action hooks to make this possible.

 

Maybe this will be a lesson learned and the guys will put a higher emphasis on security and implement ALL gateways with tokenised systems that support it.


I agree, they didn't show papajohns actually hacked; it was just offline. Probably just a DDoS attack to just deny access to it, which I don't really count as hacking, based on the number of attacks that my network received on a daily basis.


As long as you change your passwords and cancel any card details WHMCS have on file you will be fine. If they do "drop" the files in a couple hours as they say they will...

 

UGNazi ‏@UG

@fakudolphin @JoshTheGod @ThaCosmo @le4ky We will drop both Db + files in couple hours. #UGNazi

 

If you've taken the above precautions they can't really do much. A lot of information about a person or company is already readily visible online. If you get any strange visitors, letters or emails, just contact your local authorities.

 

Unless WHMCS have some secret backend approach (as others have speculated) built into WHMCS, everyone should be ok. Just calm down and let Matt get on with fixing everything. Once he's done that and all scans and such are completed, he'll be able to let you know exactly what happened and why.

 

I do agree an email should have been sent out by now, because there are probably 1000s of customers who have no clue and I imagine are not going to be very pleased. Luckily I noticed from the WHMCS Twitter feed in my admin panel, so passwords and such were changed very quickly.


Oh well, it happens to us all at one point in life LOL

 

I just need to ask: I do not get my license from WHMCS itself, nor have any info here; I get it from PacificHost. But I got an email from them...

 

I don't really understand what I am meant to do about it....

Edited by Peter-HostNutters

I myself contacted CloudFlare about this, and then passed the details along as best as I could. Hackers use CloudFlare to make it a little more difficult for a power user to determine their ISP, as when you're using CloudFlare you use their nameservers, not the web host's, and this is commonly how many people identify what webhost you're using. Also, the routing path will stop at CloudFlare since their machine is the one grabbing your page.

 

However, you can still dig the reverse DNS to find out who they are hosting with.


leakster.net was using 000webhost.com

ns01.000webhost.com

ns02.000webhost.com

 

ugnazi.com was using HostGator

ns3591.hostgator.com

ns3592.hostgator.com

 

I just had a look at archived DNS info.

 

Although not entirely reliable, as they could have changed host. But best I could find.


At the time of the breach they were using a .. Spanish-looking host? Not sure what language it was; however, it was server.hfu.cc

 

Hackers often have to rapidly hop hosts as they get reported to their webhosts and shut down. It's common for them, and there's plenty of hosts to jump to.

 

(Anyone know if there's a list out there of clients that jump a lot? WHT used to keep one back in '03 but their search isn't being helpful, and it'd be a good thing to maintain)
