WHMCS.com Hacked?

[easyhosting]

Yea I reported the pastebin about 1 hour ago.

 

i reported this Tue, May 22, 2012 at 1:00 PM and they replied Tue, May 22, 2012 at 8:40 PM

 

Hello,

 

Thank you for reporting. The content has now been removed.

 

Regards,

 

Pastebin Support

 

so how many downloaded this in the 8 hrs

[Peter M Dodge]

I did too, as well the site to CloudFlare, but they didn't seem to fussed to do anything. I guess after enough people complaining they realised they really should.

[Hitakashi]

i reported this Tue, May 22, 2012 at 1:00 PM and they replied Tue, May 22, 2012 at 8:40 PM

 

 

 

so how many downloaded this in the 8 hrs

 

Around 5100

[durangod]

I have heard that LP Lunar Pages employes some of the best techs and security measures in the business. i dont know what matt has planned but if that is the case about LP, they are expensive though but i think if its true that would be a good choice.

[niels]

I have heard that LP Lunar Pages employes some of the best techs and security measures in the business. i dont know what matt has planned but if that is the case about LP, they are expensive though but i think if its true that would be a good choice.

 

The best techs in the world wouldn't have prevented todays problem. A good tech may have blocked unknown IP's from SSH access, but as the hackers had access to the account at the ISP they could've just as easily requested KVM access.

 

To prevent social engineering you'll either need a specialized ISP with proper authentication procedures or a private rack/cage which with a decent lock.

[twhiting9275]

Pastebin have now taken down the download page 8 hrs after i reported this to them

 

You're not the only one that reported it. Many, many have (myself included)

[durangod]

The best techs in the world wouldn't have prevented todays problem. A good tech may have blocked unknown IP's from SSH access, but as the hackers had access to the account at the ISP they could've just as easily requested KVM access.

 

To prevent social engineering you'll either need a specialized ISP with proper authentication procedures or a private rack/cage which with a decent lock.

 

Very well, and understandable, i posted that not to say it would prevent this but so that if matt was in fact looking for something like that which would put better tools at his fingertips then it would be an option. As i have heard that they even have a social engineering type section of techs there that discuss such topics and ways to counteract such things, as i said i dont know if that is true or not. My only point is if matt was in fact looking into getting with a major league player in hosting then LP might be an option, i guess you get what you pay for ya know.

[Peter M Dodge]

The best techs in the world wouldn't have prevented todays problem. A good tech may have blocked unknown IP's from SSH access, but as the hackers had access to the account at the ISP they could've just as easily requested KVM access.

 

To prevent social engineering you'll either need a specialized ISP with proper authentication procedures or a private rack/cage which with a decent lock.

 

Or an email account to which the password is not "1234"

 

On a completely relevant (??) note, I just got off the phone with PayPal, and here's what they suggested.

 

Since my own business needs this card (esp. around this time of the month), it's important for me to have the card (or an alternative) on hand @ all times... For people like me, they suggested the following

 

1. Login to Paypal
   
2. Click on the 'debit card' link on the right side.
   
3. Towards the top of the page, find 'Request a new card'
   
4. Request a new card... [1]
   
5. Wait 7-10 days
   
6. When card arrives, deactivate old one, report it lost/stolen [2]
   

 

 

[1]This must be done under a new name, but it can be a derivative of yours. For example, Tom/Thomas/Tommy , Bill/William/Billy, etc. According to the person on the phone, this doesn't matter

 

[2]If you do wait, make sure that you keep a very close eye on your paypal transactions for the next few days. Obviously, if something comes up, let them know immediately, and report it stolen.

 

Thanks for the information, going to pursue this to further protect myself.

[durangod]

Thank goodness my CC was a prepaid walmart visa card with a now 0 balance, they cant do nuthing with it. Reminds me to never use my actual bank cards with any website that stores the information, or utility service or anywhere.

 

Does anyone know if there is a need for WHMCS to reissue new licenses to us all and if so when they might do so?

[easyhosting]

Does anyone know if there is a need for WHMCS to reissue new licenses to us all and if so when they might do so?

 

I dont think this is feasible

[laszlof]

I dont think this is feasible

 

Or required. The licenses are tied directly to your specific WHMCS installation. Even if someone managed to reissue the license before you could update your password, and assigned it to their own WHMCS install, you'd just need to login, change your password, reissue the license again.

[Peter M Dodge]

Feasible, yes but it would be onerous, but not really required. Probably worth disabling license debugging if you have licensing issues though.

[malfunction]

Just in from the "locking the stable door after the horse has bolted" department , a button to delete your stored card details has appeared in the WHMCS backend this morning. Pressing it made me feel better though.

[Urano]

I dont think this is feasible

 

It is necessary.

I just try to login in my whmcs, and the license is invalid.

[easyhosting]

I personally don't think you've let us down, as it wasn't personally your fault however do think the customers deserve something small like when Sony PSN was hacked they gave us a period free.

 

well lets look at it like this

 

so they lets say decide to give all users a free month, this would work if you got your licence direct from WHMCS as they could give a promo code for this, but how would this work for the thousands that get their licences from resellers, but then this wold also mean they miss out on revenue for a month, which could be used to beef up security.

 

to me an issue happend,a solution is being sorted, so lets get back to running our businesses. I for one dont think offering something would acheive anything

Edited May 22, 2012 by easyhosting

[cenourinha]

well lets look at it like this

 

so they lets say decide to give all users a free month, this would work if you got your licence direct from WHMCS as they could give a promo code for this, but how would this work for the thousands that get their licences from resellers

 

As far as i know, thoose clients were not affected in anyway...

[easyhosting]

As far as i know, thoose clients were not affected in anyway...

 

they were if they used the WHMCS ticket system. Also ordering from some resellers you get an account setup with WHMCS, so these would also be affected

Edited May 22, 2012 by easyhosting

[Justine]

As far as i know, thoose clients were not affected in anyway...

 

It depends on the reseller, some resellers actually create you an account on WHMCS for support etc so yes they are just as much as risk in this case as everyone else.

[Pulsar132]

I just had a read on http://whmcs-hacker.soup.io/ and twitter. I doubt he's going to be very happy. They've already arrested him once in a similar matter. So they know who he is. Fingers crossed they arrest the f*cker! And charge him .

[Pulsar132]

They've uploaded it again. I've reported paste in again. Others need to too.

[[JSH]John]

I just had a read on http://whmcs-hacker.soup.io/ and twitter. I doubt he's going to be very happy. They've already arrested him once in a similar matter. So they know who he is. Fingers crossed they arrest the f*cker! And charge him .

If you look at their Twitter, they (UG) don't seem too bothered about the information being leaked out, so maybe it's not him? Hopefully the people responsible are caught and locked up for a long time.

[easyhosting]

i noticed and reported it

 

i also informed pastebin that if the FBI during their investigation find out they are not taking appropriate action about this then they might find their site taken down.

 

this may make them look at the hackers pastebin account and take this down.

[keencs]

I think the WHMCS should be able to cache for more than 7 days... still can't access my backend.

[Pulsar132]

http://paste.re/409.html

 

Report to their host. Can't see report or contact link.

[panacheweb]

I just want to say for that if anyone has ever bothered to read the patriot act, this is an act of terrorism against a company. In addition to violating multiple US and international laws.

 

the FBI should be involved at this point, but the blame falls on the lax security at HG. However as this is a UK based company, their version of the cyber crimes division should be involved.

 

We do not know which government agencies are involved at this point, and we do not need to make guesses and supposition as to the legal issues.