Jump to content

WHMCS.com Hacked?

jasonmccurry
 Share

Recommended Posts

  • Replies 525
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Moc Member

Moc

Posted
Posted
****, changing banking details is always a mess, security questions, passwords, case sensitiveness, remembering new passes ,g rrrrrrrrrr UGNazi **** you man !

 

Honestly, welcome to the internet. If security wasn't tough, why would it be called 'security' then?

I understand the frustration but instead of whining here, get yourself secured in terms of passwords and any other information that might have been gathered by them.

Link to comment
Share on other sites
john_h Junior Member

john_h

Posted
Posted

Andrew, take a breather. It's important that everyone keep a level head, especially in situations like this.

 

Matt, I'm sure all of you guys have your hands full trying to figure out what happened and restoring service. However, I'd suggest that you have someone start drafting a communication to be sent out to all your clients and point them to your forum thread with the updates. Even if it's just to say "we're still investigating". It's important that you set your clients' expectations.

 

Best of luck to you guys.

Link to comment
Share on other sites
Andrew-FH Junior Member

Andrew-FH

Posted
Posted

are you having access to your Twitter, seems it's been compromised too, whmcs database leak is worrying me :( people who are unaware of all this, will suffer the most.

 

sorry my words earlier, but the moment i logged into forum, i was like OMG ! holy **** ! and so the words formed, but seriously Matt consider security options for next time, and please please upgrade this vbulletin,

Link to comment
Share on other sites
Peter M Dodge Member

Peter M Dodge

Posted
Posted

If you paid/pay with credit I'd be calling your credit company immediately. Only token-based systems offer some protection in this case and I'm pretty sure that's not what WHMCS is using for their own thing.

 

If you use PayPal you're probably safe, however. At least as far as CC details go.

 

Once the site is back up I'd contact your local authorities, they can likely be of at least some assistance.

 

It would be nice if we can confirm/deny if the account details were hacked or leaked, because I had my personal address in there, not the business address, since I use my personal CC.

Link to comment
Share on other sites
Moc Member

Moc

Posted
Posted (edited)

I find it highly unlikely that vbulletin lies at the root of the security breach, nonetheless it is one of the security measures. Note that the forum could have been patched with the latest fixes, just the version number that remains outdated.

 

Give Matt and his team some time and resources (in terms of not whining at him) to get this sorted out. Obviously there is a risk that personal information has been compromised, act pro-actively and get yourself secured.

Edited by Moc
Link to comment
Share on other sites
UH-Matt Senior Member

UH-Matt

Posted
Posted

No point speculating here people. Let Matt and co do what they need to do in order to clean up the mess and secure things in the short term. Hopefully information flow to us will be frequent and detailed, only once we know the full picture can we all really comment here with anything relevent...

Link to comment
Share on other sites
Moc Member

Moc

Posted
Posted (edited)

Probably because their initial priority was to get the boxes secure, then re-upload the website to be able to get some things functioning again which might include emailing.

 

Don't underestimate the damage that has been done to both the physical and the online 'infrastructure'. At the time they are hacked, there is no way of retrieving the email addresses of all clients to send out an email, its physically impossible so to speak.

Edited by Moc
Link to comment
Share on other sites
Moc Member

Moc

Posted
Posted
Physically impossible? Only if you never have remote backups...

 

Do you actually think it is as simple as restoring a backup? For all they know there is a rootkit installed which still controls the server. It first needs thorough checking, securing the box (possibly replacing the entire box to be sure), then loading up of the static files, etc etc. It is NEVER as simple to recover from a hack as just restoring a backup.

 

I said it was physically impossible to send a mass mail right when they were hacked as the infrastructure wasn't recovered (yet).

Link to comment
Share on other sites
durangod Senior Member

durangod

Posted
Posted (edited)

I reported

 

https://twitter.com/#joshthegod

 

to twitter, i cant believe they allow a known hacker group to have a twitter account. Others need to do the same, maybe we can get their acount deleted, i know it dont mean much but we cant just sit and do nothing, ya know. Maybe twitter will notify law inforcment if enough people complain and we can get them arrested, this is considered a form of piracy in my book!

 

FYI for this very reason what happend today is why last month they support ask me for my cpanel login and ftp i refused to let them have it. Not that i dont trust whmcs, i do. But becuase of this very issue. I am so glad i never gave them my login.

 

Please let me know at some point (get everything sorted out first) when the forum us back up correctly (it still has some funky code when you log in) and i will change my forum information.

 

Maybe matt and them will learn something from this and be able to provide us an update for our stuff just in case we need to protect ourselves. Of course i wont speculate what the deal was, whmcs, server or maybe they hacked another site entirely and got in. But i will wait for matt to see what he posts on this.

 

Good luck matt, take it one step at a time, and when your done, all of us will band together and go litterally castrate those f..kers who did this.

 

Thanks.

Edited by durangod
Link to comment
Share on other sites
twhiting9275 Senior Member

twhiting9275

Posted
Posted

just tell us are our credit card details safe, are they encrypted, if yes, is that encryption breakable ?

Credit card details are in fact encrypted. It's a PCI mandate.

Is that encryption breakable? Yes. Otherwise, you wouldn't be able to charge a card.

 

Did they get the keys to the safe, that is the real question.

I would expect Matt will let us know the answer to that question as soon as he finds it out himself.

Link to comment
Share on other sites
Peter M Dodge Member

Peter M Dodge

Posted
Posted
Do you actually think it is as simple as restoring a backup? For all they know there is a rootkit installed which still controls the server. It first needs thorough checking, securing the box (possibly replacing the entire box to be sure), then loading up of the static files, etc etc. It is NEVER as simple to recover from a hack as just restoring a backup.

 

I said it was physically impossible to send a mass mail right when they were hacked as the infrastructure wasn't recovered (yet).

 

If you pull it to the compromised box, sure. But you don't neccesarialy have to (if you have a decent backup provider). Pull it to a local box, grab the emails with a mysql query, add them to From, send from an uncompromised email, away you go stalwart hero of the realm.

 

Is it easy? No, of course not, dealing with intrusion attempts is almost never easy, but I do expect the company I'm essentially trusting with the backbone of my business to be proactive about these kinds of things.

Link to comment
Share on other sites
Moc Member

Moc

Posted
Posted
Physically impossible? Only if you never have remote backups...

 

If you pull it to the compromised box, sure. But you don't neccesarialy have to (if you have a decent backup provider). Pull it to a local box, grab the emails with a mysql query, add them to From, send from an uncompromised email, away you go stalwart hero of the realm.

 

Is it easy? No, of course not, dealing with intrusion attempts is almost never easy, but I do expect the company I'm essentially trusting with the backbone of my business to be proactive about these kinds of things.

 

I agree on that last paragraph. As for the rest I'd like to refer to a reply made by 'Matt R' (not WHMCS matt related) on WHT.com:

 

While true, I can see why they wouldn't notify their clients of things until everything is back online. Once you send out a mass mail like that, you're going to have nearly every one of those clients attempting to hit your website at the same time. That wouldn't help recovery efforts one bit. Especially if you don't know the extent of the damage yet, aside from the fact that he had effectively been rooted.

 

Seeing as nothing has been released as of yet by the hacker and there's no proof that database information has been compromised (although we know it's more than a longshot to say it hasn't been), waiting to get everything back online (even if in a temporary state) and then sending out a bulk email is what I likely would have done as well.

 

The real question is what his bulk email will contain when he does send it out. This press release can go very wrong very easily.

 

Anyhow, I'm awaiting more updates before posting more replies here :)

Link to comment
Share on other sites
iserver Member

iserver

Posted
Posted

Esta vez la culpa es de tus clientes o del software de tus clientes?

 

Te viene bien que te hallan dado jarabe de palo, para que cuando te hablan de hacking en instalaciones de clientes, no digas que la culpa es de "otros" softwares instalados en el servidor e inseguros.

 

******

 

This time the fault is with your clients or your client software?

 

Fit you are because you stick syrup, so that when they talk about hacking at customer sites, do not say that the fault of "other" software installed on the server and insecure.

 

:-P

Link to comment
Share on other sites
Peter M Dodge Member

Peter M Dodge

Posted
Posted

If I have a potential threat to not only my own private information, but my company's and my clients if the exploit was WHMCS Software-related, I want to know at hour zero. Not T plus three hours. If I hadn't seen the WHT thread I wouldn't've known till I saw the reddit topic, etc. And in short I wouldn't've known until quite a bit after the fact.

 

That's what bothers me, because it essentially puts my business at risk, and I don't know where the rest of you are right now, but it's what's keeping my lights on.

 

That said, as has been said in this thread prior, speculation is not very helpful. Which is why I feel Matt communicating what he finds - and as much as he can communicate - is not only 'a nice thing' - but neccesary if WHMCS expects to be taken seriously.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept