Andrew-FH Posted May 21, 2012
and the funniest part is you are still using vbulletin 3.8.6, a 4-5 year old release, c'mon Matt, don't be so lazy it's your global clients

Andrew-FH Posted May 21, 2012
****, changing banking details is always a mess, security questions, passwords, case sensitiveness, remembering new passes, grrrrrrrrrr UGNazi **** you man !

Moc Posted May 21, 2012
> ****, changing banking details is always a mess, security questions, passwords, case sensitiveness, remembering new passes, grrrrrrrrrr UGNazi **** you man !

Honestly, welcome to the internet. If security wasn't tough, why would it be called 'security' then? I understand the frustration but instead of whining here, get yourself secured in terms of passwords and any other information that might have been gathered by them.

john_h Posted May 21, 2012
Andrew, take a breather. It's important that everyone keep a level head, especially in situations like this.

Matt, I'm sure all of you guys have your hands full trying to figure out what happened and restoring service. However, I'd suggest that you have someone start drafting a communication to be sent out to all your clients and point them to your forum thread with the updates. Even if it's just to say "we're still investigating". It's important that you set your clients' expectations.

Best of luck to you guys.

drhoo Posted May 21, 2012
There's no point whining at Matt here. This is a tough situation and I'd rather focus on what I can do to ease pressure on WHMCS staff. Good luck Matt!

Andrew-FH Posted May 21, 2012
are you having access to your Twitter, seems it's been compromised too, whmcs database leak is worrying me people who are unaware of all this, will suffer the most.

sorry my words earlier, but the moment i logged into forum, i was like OMG ! holy **** ! and so the words formed, but seriously Matt consider security options for next time, and please please upgrade this vbulletin,

Peter M Dodge Posted May 21, 2012
If you paid/pay with credit I'd be calling your credit company immediately. Only token-based systems offer some protection in this case and I'm pretty sure that's not what WHMCS is using for their own thing. If you use PayPal you're probably safe, however. At least as far as CC details go. Once the site is back up I'd contact your local authorities, they can likely be of at least some assistance.

It would be nice if we can confirm/deny if the account details were hacked or leaked, because I had my personal address in there, not the business address, since I use my personal CC.

Moc Posted May 21, 2012
I find it highly unlikely that vbulletin lies at the root of the security breach, nonetheless it is one of the security measures. Note that the forum could have been patched with the latest fixes, just the version number that remains outdated.

Give Matt and his team some time and resources (in terms of not whining at him) to get this sorted out. Obviously there is a risk that personal information has been compromised, act pro-actively and get yourself secured.

Edited May 21, 2012 by Moc

UH-Matt Posted May 21, 2012
No point speculating here people. Let Matt and co do what they need to do in order to clean up the mess and secure things in the short term. Hopefully information flow to us will be frequent and detailed, only once we know the full picture can we all really comment here with anything relevant...

Peter M Dodge Posted May 21, 2012
Times like this getting someone out there and communicating could do an ounce of good, I think.

Moc Posted May 21, 2012
Just look at the updates Matt is giving, it actually is quite frequent and informative. I've seen far worse.

ProHostGold Posted May 21, 2012
Why did I hear about this from a third party and not direct from WHMCS?

mylove4life Posted May 21, 2012
Because they are working on it...

> Why did I hear about this from a third party and not direct from WHMCS?

Peter M Dodge Posted May 21, 2012
It would probably be remiss of WHMCS not to send out an email notification.

Moc Posted May 21, 2012
Probably because their initial priority was to get the boxes secure, then re-upload the website to be able to get some things functioning again which might include emailing. Don't underestimate the damage that has been done to both the physical and the online 'infrastructure'. At the time they are hacked, there is no way of retrieving the email addresses of all clients to send out an email, it's physically impossible so to speak.

Edited May 21, 2012 by Moc

Peter M Dodge Posted May 21, 2012
Physically impossible? Only if you never have remote backups...

Moc Posted May 21, 2012
> Physically impossible? Only if you never have remote backups...

Do you actually think it is as simple as restoring a backup? For all they know there is a rootkit installed which still controls the server. It first needs thorough checking, securing the box (possibly replacing the entire box to be sure), then loading up of the static files, etc etc. It is NEVER as simple to recover from a hack as just restoring a backup.

I said it was physically impossible to send a mass mail right when they were hacked as the infrastructure wasn't recovered (yet).

durangod Posted May 21, 2012
I reported https://twitter.com/#joshthegod to Twitter, I can't believe they allow a known hacker group to have a Twitter account. Others need to do the same, maybe we can get their account deleted, I know it don't mean much but we can't just sit and do nothing, ya know. Maybe Twitter will notify law enforcement if enough people complain and we can get them arrested, this is considered a form of piracy in my book!

FYI, what happened today is the very reason why last month, when support asked me for my cpanel login and ftp, I refused to let them have it. Not that I don't trust whmcs, I do. But because of this very issue. I am so glad I never gave them my login.

Please let me know at some point (get everything sorted out first) when the forum is back up correctly (it still has some funky code when you log in) and I will change my forum information. Maybe Matt and them will learn something from this and be able to provide us an update for our stuff just in case we need to protect ourselves.

Of course I won't speculate what the deal was, whmcs, server or maybe they hacked another site entirely and got in. But I will wait for Matt to see what he posts on this.

Good luck Matt, take it one step at a time, and when you're done, all of us will band together and go literally castrate those f..kers who did this.

Thanks.

Edited May 21, 2012 by durangod

twhiting9275 Posted May 21, 2012
> just tell us are our credit card details safe, are they encrypted, if yes, is that encryption breakable ?

Credit card details are in fact encrypted. It's a PCI mandate. Is that encryption breakable? Yes. Otherwise, you wouldn't be able to charge a card. Did they get the keys to the safe, that is the real question. I would expect Matt will let us know the answer to that question as soon as he finds it out himself.

Peter M Dodge Posted May 21, 2012
> Do you actually think it is as simple as restoring a backup? For all they know there is a rootkit installed which still controls the server. It first needs thorough checking, securing the box (possibly replacing the entire box to be sure), then loading up of the static files, etc etc. It is NEVER as simple to recover from a hack as just restoring a backup.
>
> I said it was physically impossible to send a mass mail right when they were hacked as the infrastructure wasn't recovered (yet).

If you pull it to the compromised box, sure. But you don't necessarily have to (if you have a decent backup provider). Pull it to a local box, grab the emails with a mysql query, add them to From, send from an uncompromised email, away you go stalwart hero of the realm.

Is it easy? No, of course not, dealing with intrusion attempts is almost never easy, but I do expect the company I'm essentially trusting with the backbone of my business to be proactive about these kinds of things.

Moc Posted May 21, 2012
> Physically impossible? Only if you never have remote backups...

> If you pull it to the compromised box, sure. But you don't necessarily have to (if you have a decent backup provider). Pull it to a local box, grab the emails with a mysql query, add them to From, send from an uncompromised email, away you go stalwart hero of the realm.
>
> Is it easy? No, of course not, dealing with intrusion attempts is almost never easy, but I do expect the company I'm essentially trusting with the backbone of my business to be proactive about these kinds of things.

I agree on that last paragraph. As for the rest I'd like to refer to a reply made by 'Matt R' (not WHMCS matt related) on WHT.com:

> While true, I can see why they wouldn't notify their clients of things until everything is back online. Once you send out a mass mail like that, you're going to have nearly every one of those clients attempting to hit your website at the same time. That wouldn't help recovery efforts one bit. Especially if you don't know the extent of the damage yet, aside from the fact that he had effectively been rooted. Seeing as nothing has been released as of yet by the hacker and there's no proof that database information has been compromised (although we know it's more than a longshot to say it hasn't been), waiting to get everything back online (even if in a temporary state) and then sending out a bulk email is what I likely would have done as well. The real question is what his bulk email will contain when he does send it out. This press release can go very wrong very easily.

Anyhow, I'm awaiting more updates before posting more replies here

iserver Posted May 21, 2012
Is the fault this time with your clients, or with your clients' software? It serves you right to have taken a beating, so that when people talk to you about hacking in client installations, you don't say the fault lies with "other" insecure software installed on the server.

******

This time the fault is with your clients or your client software? Fit you are because you stick syrup, so that when they talk about hacking at customer sites, do not say that the fault of "other" software installed on the server and insecure.

twhiting9275 Posted May 21, 2012
> This time the fault is with your clients or your client software?

We don't know that yet.

Peter M Dodge Posted May 21, 2012
If I have a potential threat to not only my own private information, but my company's and my clients' if the exploit was WHMCS Software-related, I want to know at hour zero. Not T plus three hours. If I hadn't seen the WHT thread I wouldn't've known till I saw the reddit topic, etc. And in short I wouldn't've known until quite a bit after the fact. That's what bothers me, because it essentially puts my business at risk, and I don't know where the rest of you are right now, but it's what's keeping my lights on.

That said, as has been said in this thread prior, speculation is not very helpful. Which is why I feel Matt communicating what he finds - and as much as he can communicate - is not only 'a nice thing' - but necessary if WHMCS expects to be taken seriously.

WHMCS CEO Matt Posted May 21, 2012
I've just posted a status update with what we know so far here: http://forum.whmcs.com/showthread.php?p=223467#post223467

As soon as we know more, I'll provide further updates.

Matt