Jump to content

Compromise Q&A

Recommended Posts


Compromise Q&A


Q. Where can I find the details about what happened?


We have been regularly posting on our blog all week to keep users updated as soon as new details have become available, so please refer to http://blog.whmcs.com


Q. Why can't I login to your client area?


As a security precaution, we have expired all passwords for our client area. In order to restore access to your account, please visit the following url to reset your password: https://www.whmcs.com/members/pwreset.php


Q. I tried to access your site but it was down again, what's happened?


Since the initial attack on Monday, we have been experiencing a continuous distributed denial of service attack. This has caused disruption to our public facing site(s) and intermittent access problems.


Q. I've heard you host everything on one server, is that true?


No, we have our primary server which hosts our WHMCS installation and then a secondary server which hosts third party software's such as this forum, the blog and the documentation resources.


Q. How did the user gain access to your server?


Access was gained using social engineering.


Q. What is "social engineering"?


Put simply, it is the art of manipulating people into performing actions or divulging confidential information. In our case, it was a user impersonating our owner with our managed web hosting provider.


Q. What information was taken?


Our database was compromised, and therefore names, addresses & credit card information is at risk.


Q. What should I do?


You should change all passwords that you have used with us, both for the client area and provided via support tickets. Also if you have ever paid us via credit card directly (not through PayPal), then we recommend notifying your card company that your card details may have been stolen.


Q. Is there anything else I should look out for?


You should beware of criminals pretending to be from either WHMCS, your bank or other trusted companies.


Q. What are you doing to ensure this doesn't happen again?


We are in the process of moving to a new more expansive hosting infrastructure. This will happen next week. In the meantime, a full security audit and hardening was undertaken immediately following the breach, and our site remains safe to use. It is important to note that the breach we experienced was the result of a social engineering attack, and not the result of a hack or a breach in either the server or WHMCS software.

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated