WHMCS.com Hacked?

[Pulsar132]

Who pay me this Time, which i have to spend, because of an incompetent Admin of WHMCS?? Do you mean WHMCS Does this??

 

As i said before. If you get's no money for your Time; your problem. My time is expensive

 

AND i don't want to spent time for incompetnce of an Lazy admin

 

Easy Example: If WHMCS don't get hacked i don't nee to spend time for changing PW's, CC, etc.

 

Fellow fan boy replying...

 

It takes a matter of minutes to change passwords and call up the bank. Yes i understand there are problems with recurring billing and such with bills. You will just have to contact them and explain what’s happened and even provide links or such to WHMCS. You’re saying your time is expensive. So you’re moaning about the whole process of changing details to PROTECT YOUR CUSTOMERS! Your business sounds great. But I’d put in endless amounts of time to protect my customers. Taking a few minutes to change a password and contact the bank hardly seems like I’ve wasted time. If anything it's just a bit of a pain.

 

I don’t know about where other people live, but in the UK you phone up the bank for a new card and it's sent out to you within 7 days. Sometimes quicker.

 

I'm quite shocked to be honest. Considering WHMCS is for web hosting businesses. Some of your replies scare me into thinking you may be in control of someone's website. Yes WHMCS ****ed up. But we all make mistakes. Yes WHMCS ****ed up in the past too. But these things happen. Websites are hacked all the time. It's only when a big known website gets hacked everyone fly’s off the handle about it. Yes our details are public and WHMCS should have had better security practices in place to prevent such occurrences. But it's a bit too late to moan about it now, it's happened.

 

Just change your passwords and contact the bank. There is nothing else we can really do now. Also bear in mind how the WHMCS team must be feeling? They are going to have to deal with so much **** in the coming days/weeks.

How would you feel if your server got hacked and your customer’s details exposed. Imagine how you would feel if your customers just turned on you and made the situation harder for yourselves. Just give them time to sort things and things will be ok.

 

(No I’m not being paid by WHMCS I’m just being realistic about this, no need for everyone to go off on one because of this)

[WebsiteIntegrations]

No, this is freetime, this posting here Please, i organise my time myselfe. See last Post from me. WHMCS get hacked. i have the work with i, because of incompetece of an Server Admin

 

That's two pairs of shoes

 

if i look at your posts - so far today you've spent almost 6 hours posting in this thread. So you have 6 hours to sit and whine but can't take the time to do what need to be done?

Edited May 22, 2012 by wwesn

[b0r3d]

My credit card numbers in the world can sit on 1 million fraudsters desks, but if I've stopped the card the numbers are worth diddly squat. Have you stopped your card?

 

 

 

I would disagree there. I'm in partnership with them because they were my chosen partner 5 years ago for my billing and support software. Since then they have supported me and my business in return for a monthly fee. For that, I've had support, troubleshooting, and api development/help. That's a partnership.

 

 

 

So you resell electricity then for a living? Of course not. There is a vast difference.

 

If you want to chase WHMCS for recompense, do it through the correct channels. Just stop the public whining and be constructive to the community here.

 

 

 

Hmmm....don't follow your logic at all. Sorry.

 

Have you had money taken from your card?

 

You're delusional if you think you and your business are in partnership with WHMCS. It doesn't work like that unfortunately. Hate to break it to you.

 

Hey i don't completely disagree with some of your comments but i find how you're down playing quite a serious breach of trust and security from basic security 101 is a bit troubling.

[Si]

You're delusional if you think you and your business are in partnership with WHMCS. It doesn't work like that unfortunately. Hate to break it to you.

 

Hey i don't completely disagree with some of your comments but i find how you're down playing quite a serious breach of trust and security from basic security 101 is a bit troubling.

 

Oh don't you fret about it, or worry. The thing is, at this side, I'm not fretting, it's all in hand. It could be for you too

 

Let the WHMCS team sort it. Then if shouting needs to be done...... Right now, don't sweat it. Chillax.

[twhiting9275]

Yes WHMCS ****ed up. But we all make mistakes. Yes WHMCS ****ed up in the past too. But these things happen.

I won't deny these things happen. Anyone who does has no clue how reality works.

However, when these things happen, companies grow past it. They move on, the learn from their mistakes.

 

Have WHMCS? No

This isn't the first time this happened. Letting them off easy the first time, that's a given, expecting that they'd move on and learn.

Here we are, 3 years later, and we're going through the same thing. server hacked, information vulnerable. Oh yeah, most definitely, just give them another pass, because they deserve it right??? NOT!

 

They've abused their 'free pass'.

[gOOvER]

Exactly. Well put.

 

You have no need to share my opinion and i have no need to shre your's

 

So one Deal;

 

i don't comment sensless post from you and you don't comment posts from me

[dotter]

#2: blocking cards are not as simple as you make it out to be. People depend on those cards for business functions,and you can't simply just drop a card and swap it out for another . That process takes 10 days.

Ok, I get it that there are simpler and then more complicated procedures for cancelling a credit card. But that is your card out there with all the info with it to complete online transactions.

 

My company has clear guidelines of what to do when this happens:

1) protect customers

2) protect ourselves

3) audit

 

I assume WHMCS being proactive and sending the CC info to Visa/Mastercard would protect their customers. Their e-mail says "your card details may also be at risk". Well, card details are out in the wild, not just maybe at risk.

 

Anyway, why/how this happened is beyond the scope of this thread, unless a sysadmin from WHMCS posts an audit report and describes the enhanced security features implemented to prevent this from happening again.

 

I'm not blaming UGNazi. If it weren't for them, WHMCS would not know they have a problem with security. We all learn from mistakes, it is the magnitude of each mistake that defines our future.

[Si]

I won't deny these things happen. Anyone who does has no clue how reality works.

However, when these things happen, companies grow past it. They move on, the learn from their mistakes.

 

Have WHMCS? No

This isn't the first time this happened. Letting them off easy the first time, that's a given, expecting that they'd move on and learn.

Here we are, 3 years later, and we're going through the same thing. server hacked, information vulnerable. Oh yeah, most definitely, just give them another pass, because they deserve it right??? NOT!

 

They've abused their 'free pass'.

 

Then move on. PLEASE. You've made your feelings clear. Who are you going with for your billing choice?

[mikie]

Think I'm gonna avoid this thread like the plague and just keep an eye on official updates now. It's resorting to school kid style behaviour now. I'm surprised so many have the time to waste on this thread going over the same old ground and arguing the same points.

 

Give it a rest dear. If we never see or hear from you again, it wont be anyones loss here!!!!

[twhiting9275]

I'm not blaming UGNazi. If it weren't for them, WHMCS would not know they have a problem with security. We all learn from mistakes, it is the magnitude of each mistake that defines our future.

Common sense would tell them they don't have a problem with security, not a hacker.

Professional administrators would tell them they have a problem with security, not a hacker

 

Again, this isn't advanced chem 3, this is basic online hosting 101 here.

[gOOvER]

Then move on. PLEASE. You've made your feelings clear. Who are you going with for your billing choice?

 

Si, last Time. Stop this shity "Come on, Move on." Evertime this silly, sensless sentence is posted by you.

 

This sis his opinion. You have no need to share the same.

 

And: Nott everyone is paid by WHMCS

[WebsiteIntegrations]

You may want to read that article again http://news.softpedia.com/news/UGNazi-Leaks-1-7-GB-of-Data-from-WHMCS-Servers-270914.shtml

 

UGNazi said that they reported that spammers and hackers were using their software and whmcs chose not to do anything about it, not that they told them about flaws....

 

I wonder whats next are they gonna hack Micorshaft for providing the operating system that the script kiddies use to create their BS bots

 

which is a bit hypocritical - because spammers and hackers use whmcs then lets steal all the information and release personal information on people who have nothing to do with it?

[Si]

Si, last Time. Stop this shity "Come on, Move on." Evertime this silly, sensless sentence is posted by you.

 

This sis his opinion. You have no need to share the same.

 

And: Nott everyone is paid by WHMCS

 

I ask questions from the complainers and not one gives a straight answer.

 

UNSUBSCRIBED

 

(Off for a barbecue and a beer). Lovely UK Weather

[Digitalized Media]

I spent about 3 minutes cancelling my credit card (free). When the license server came back online, I spent 4 minutes changing the passwords to all usernames associated with WHMCS logins. I spent 2 minutes altering my cPanel and WHM password. 9 minutes @ $40/hr ... aw hell, except for the credit card cancellation, I do the same thing every Monday anyways.

 

Someone stated how to address their clients. This is what I put on our Facebook.

 

Some clients and customers were inconvenienced while shopping on our website today because our client area was down. That has been resolved now.

 

We utilize a 3rd Party resource via a paid license to handle our ordering, billing and support system, and we do so one an SSL Secured connection. The software is called WHMCS.

 

The website for WHMCS was hacked by a well known group that targets government websites and other websites that are in support of SOPA being passed. WHMCS fell into that category. They also do it to prove points. This weeks victims include ESPN, AOL, AIM, MGM Studios, a large handful of government websites, and I also read that they hacked Lockheed-Martin's website. LH handles security for the US Gov.

 

Some web geeks out there may have read that the personal information of all persons holding a WHMCS software license - past and present - are leaked online. It is true, it is.

 

However, the information of individual customers of OURS is secure, and completely unrelated to this attack. A crafty and bold person can find this file of leaked data, download it, and find *MY* personal cell, address, email, and now cancelled pre-paid debit card that I used to pay for services directly through them. Most of the information found in this file is also located on my business card that most of you have.

 

A tremendous amount of effort goes into our security of our information. That said, hackers are always 2 steps ahead of security. Web security is a reactive business, and we basically work as patch-makers. We work hard to prevent, but work just as hard on recovery.

 

We do not run CC's through our website. We go through Google Checkout, PayPal, MoneyBookers, AlertPay (now Payza), and we run cards manually via SquareUp and accept business checks.

 

I simply cannot handle reading any more of this thread. I will continue to use WHMCS and use our own safeguards. I really, really feel bad for Matt. He has spearheaded the development of the best software available for this industry. Being the biggest makes you a target sometimes. It sure sucks.

 

There are a lot of complainers in this thread. Why don't you stop wasting everyone's time with your negativity and shockingly accurate hindsight observations (there is a South Park reference in there). Instead of making this into a 40 page thread (I've spent 65 minutes on this, at $40/hr ... who's reimbursing me ... lol), maybe you should start developing your own, cost effective, publicly available, 100% hacker proof system that does all of what WHMCS does - and why not shoot for the stars, and want it to do more - and get that up ASAP.

 

I'll wait. Go ahead. No no ... I insist.

 

You know what ... just call me when you're done. My contact info is available online.

[gOOvER]

which is a bit hypocritical - because spammers and hackers use whmcs then lets steal all the information and release personal information on people who have nothing to do with it?

 

I think, he only will show, that WHMCS TEam nothing do AGAINST such illegal things and warnings

 

And read some post before; I bet, WHMCS Team was warned of this hacking BEFORE.

 

I send a lot of mails to the WHMCS Team, because of illegal using WHMCS. They don't care about. They got the Money from the other stupid paying customer. That is my feeling, because 90% of these sites are still online

[dotter]

Common sense would tell them they don't have a problem with security, not a hacker.

Professional administrators would tell them they have a problem with security, not a hacker

Don't get me wrong, I agree with you that they should have learned all this before today. But really, we're all just making conclusions without any real data. Matt posted something, yeah, but a proper audit takes a little bit longer.

[gOOvER]

...., maybe you should start developing your own, cost effective, publicly available, 100% hacker proof system that does all of what WHMCS does - and why not shoot for the stars, and want it to do more - and get that up ASAP.

 

Why reinvent the wheel twice??

[Iceman]

And you, dear Sirs, are guilty of constantly whining, and it seems, repeating yourselves.

 

I'm unsubscribing from this thread now as it's now in the gutter.

 

 

If this is how you act in public, I'd hate to see your responses to your customers when you are blamed for one of YOUR servers being hacked!

Remember, what comes around goes around.

 

Seriously guys, grow up.

[WebsiteIntegrations]

Who pay me this Time, which i have to spend, because of an incompetent Admin of WHMCS?? Do you mean WHMCS Does this??

 

As i said before. If you get's no money for your Time; your problem. My time is expensive

 

AND i don't want to spent time for incompetnce of an Lazy admin

 

Easy Calculation: If WHMCS don't get hacked i don't need to spend time for changing PW's, CC, etc.

 

so where is the money your paying whmcs for using their name and logo on your forum at http://www.whmcs-germany.com ?

[mikie]

And you, dear Sirs, are guilty of constantly whining, and it seems, repeating yourselves.

 

I'm unsubscribing from this thread now as it's now in the gutter.

 

 

If this is how you act in public, I'd hate to see your responses to your customers when you are blamed for one of YOUR servers being hacked!

Remember, what comes around goes around.

 

Seriously guys, grow up.

 

Errr seriously, nobody really cares about what your doing man. Take Justine by the hand and run off into the sunset. It seems she needs a helping hand too.

[merlinpa1969]

which is a bit hypocritical - because spammers and hackers use whmcs then lets steal all the information and release personal information on people who have nothing to do with it?

 

trust me I know, and agree with you 100%

[mikie]

so where is the money your paying whmcs for using their name and logo on your forum at http://www.whmcs-germany.com ?

 

You mean domain name violation dont you?

[dotter]

I think, he only will show, that WHMCS TEam nothing do AGAINST such illegal things and warnings

Actually, I went trought the leaked DB and saw a couple of tables that contain what appears as takedown notices and various checks of the validity of remote WHMCS installations.

 

WHMCS cannot take down an altered remote WHMCS installation by themselves. They need somebody on the other side to do this.

 

Just to show what is in one of the leaked tables:

 

http://www.***.com/client/
94.75.***.***
abuse@***.com
2011-04-23 <- submitted
2012-05-21 <- lastchecked
Online
Submitted by Matt - Has threatened legal action, was suspended as a result, then implemented license bypass

 

So my conclusion is that they are doing something about this. But again, I don't know what has been going on in the background...

Edited May 22, 2012 by dotter

[Powercom]

Hi Guys, I have read with interest all your comments here.

 

Regarding replacing credit cards...

 

It is true that in the UK you can get a card mailed to you in 7 days or so, but our card is a foriegn bank corporate credit card. We will have to PAY for a new one which will have to be sent by courrier (at our expence) to a UK address. This will then have to be sent to me, the signee in Asia, where I am right now.

So, the cost and hassle, not to mention the downtime for any further transactions is a real and costly pain in the ar** for the company.

 

1. Will WHMCS be reimbursing us for these re-issuing charges we will incure?

2, The downtime for us will be at least 2 whole weeks, if not more, what will happen when our monthly WHMCS lease comes up for renewal next week? Will we get some grace time?

Anyone got any answers?

 

By the way I ma neither for against WHMCS for this cock up. **** happens, but this is some pretty bad ****.

 

Thanks

[ExsysHost]

I would be very dismissive to these very aggressive attacks against WHMCS talking about lax security and such.

These seem to be very over the top in their aggression and it is almost as if they are attempting a secondary attack against the owner to reinforce the damage that has been done.

 

Like a person told me back in 1998 when I was researching computer security "if you want everything to be completely secure then unplug your computer from the network".

 

Don't let anyone store credit card details with you... since you would be dismissive that your card holders would want your systems to be PCI compliant.