WHMCS Hacked - Page 11


Comments

  • HerrMaulwurf Member
    edited May 2012

    The attacker knew the security questions and answers. The first attack is definitely not Hostgator's fault. Don't know what happened during the second attack.

    And I'm not a Hostgator fanboy, I don't have any services with them.

  • @Jack said: @TheHackBox said: What shady IRC networks are you on?

    . #lowendbox on irc.freenode.net

    Woah i miss IRCing :S Is that channel worth a look?

    President Of Operations/CEO/CFO/CTO/COO of my account

  • Oliver Member

    @gsrdgrdghd said: Woah i miss IRCing :S Is that channel worth a look?

    Definitely not!

    Ransom IT | ɹǝpun uʍop sdʌ | vps down under | KVM in Sydney and Adelaide | OpenVZ in Adelaide
  • @HerrMaulwurf said: The attacker knew the security questions and answers. The first attack is definitely not Hostgator's fault.

    A little verification call from Hostgator's side after a password change for a customer the size of WHMCS wouldn't have been unreasonable.

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

    Thanked by 1klikli
  • @Oliver said: Definitely not!

    lol ok then :D

    President Of Operations/CEO/CFO/CTO/COO of my account

  • klikli Member

    $ host www.whmcs.com
    www.whmcs.com is an alias for whmcs.com.
    whmcs.com has address 50.116.115.104

    $ host forum.whmcs.com
    forum.whmcs.com has address 207.58.161.149

    $ host blog.whmcs.com
    blog.whmcs.com has address 207.58.161.149

    It sounds like blog. and forum. have now been moved to somewhere in Servint.

    Selling multiple 2000-user GApps :) Shoot me a message to make an offer.

  • ElliotJ Member

    @rds100 said: I don't think it was hostgator's fault after this. Hostgator followed their established procedures.

    In that case, their procedures simply weren't robust enough in this situation. :/

  • rds100 Member

    @ElliotJ I guess the same is true for most providers offering "live chat support". That's why I don't understand why people want to use live chat - it is insecure and open to such problems. It is not that hard to log in to your client area and submit a ticket...

  • 1q1 Member

    no luck trying to decrypt the blobs :/

  • @1q1 said: no luck trying to decrypt the blobs :/

    http://pastebin.com/FrHk9391

    President Of Operations/CEO/CFO/CTO/COO of my account

    Thanked by 1djvdorp
  • 1q1 Member
    edited May 2012

    no luck trying to decrypt the blobs :/

    @gsrdgrdghd said: http://pastebin.com/FrHk9391

    Thank you. My bad noobness, still don't know where are my faults :/

  • 1q1 Member
    edited May 2012

    Now i know why it was not working. UG has changed the issuenumber blobs. lol!

  • Randy Disabled

    lol, WHY Didn't the FBI take that cock sucker down, GearSec already released the Hacker's details

  • jarland Member

    @Randy My guess is weekend and compiling the evidence. GearSec did a good thing there, but they aren't a legal authority. He'll be going down very soon.

    jarland.me | Read about my new hosting experiment.

  • Randy Disabled
    edited May 2012

    they actually got hold of his address, i think the hacker is not that stupid to put his address in public in the whois record right? LOL. it's not a weekend? what are you talking about?

  • jarland Member
    edited May 2012

    Today felt like Tuesday to me, meaning yesterday would've been coming off the weekend. In my defense, I haven't slept much lately ;)

    jarland.me | Read about my new hosting experiment.

  • @Randy said: lol, WHY Didn't the FBI take that cock sucker down, GearSec already released the Hacker's details

    From what i understand the information GearSec has gathered is from some leaked IRC logs or so. The FBI can't (shouldn't) just arrest someone because some dubious group accused from of hacking WHMCS.

    President Of Operations/CEO/CFO/CTO/COO of my account

  • Randy Disabled

    they said themselves that they did it, what do you mean that the @UG group is being "accused "?

  • gsrdgrdghd Member
    edited May 2012

    @Randy said: what do you mean that the @UG group is being "accused "?

    The group GearSec accused the people they named in their blog to be the people that hacked WHMCS.

    President Of Operations/CEO/CFO/CTO/COO of my account

  • BHost Member

    Irritating, we actually use Ubersmith, but had toyed in the recent past with switching to WHMCS and had signed up for a license to try it out.

    I take it from those links to pastebin that the card details can be decrypted then and so any CCs need cancelling?

    BHost - London / Amsterdam VPS and Cloud hosting - www.BHost.net
    We're hiring! Visit www.BHost.net/jobs
  • @BHost said: I take it from those links to pastebin that the card details can be decrypted then and so any CCs need cancelling?

    There's been a dump on Pastebin of all the decrypted CC details.

    Daniel.

  • @BHost said: I take it from those links to pastebin that the card details can be decrypted then and so any CCs need cancelling?

    I can confirm that your CC data is in the dump and you need to cancel your card.

    President Of Operations/CEO/CFO/CTO/COO of my account

  • exussum Member

    Even without that dump, it takes less than 1 min for the PHP to run and decrypt all

  • BHost Member

    Thanks for the info. Scrambles to call the bank...

    BHost - London / Amsterdam VPS and Cloud hosting - www.BHost.net
    We're hiring! Visit www.BHost.net/jobs
  • @gsrdgrdghd said: http://pastebin.com/FrHk9391

    For the record, Reckz0r stole that from http://pastebin.com/EVCxM2zp (he's known to plagiarize things).

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • Liam Retired Staff

    @joepie91 said: For the record, Reckz0r stole that from http://pastebin.com/EVCxM2zp (he's known to plagiarize things).

    Any hackers you don't know?

    Retired LowEndBox & LowEndTalk staff.
  • gsrdgrdghd Member
    edited May 2012

    @liam said: Any hackers you don't know?

    Calling those Anonymous or lulz"sec" people "hackers" is an insult for the word hacker :P

    Oh and btw it has been pointed out earlier that @joepie91 has affiliations with lulzsec/anonymous

    President Of Operations/CEO/CFO/CTO/COO of my account

    Thanked by 1djvdorp
  • Aldryic Member

    @gsrdgrdghd said: Oh and btw it has been pointed out earlier that @joepie91 has affiliations with lulzsec/anonymous

    Old news, but correct. To his defense, he was one of the chaps that hung about in the lulzsec irc channel; he wasn't directly involved with their antics.

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel || G+ / FB
  • @liam said: Any hackers you don't know?

    Reckz0r can not be considered in any way, shape, or form a 'hacker', regardless of whether you adhere to the 'media definition' of 'someone that breaks into computers' or the 'real' definition of 'someone that builds things'.

    The point is that Reckz0r has been attentionwhoring all over anon for the past few weeks - I think it'll be hard to find someone involved in anon that doesn't know about him and his constant plagiarism, false claims, and famewhoring.

    (Additionally, I'm not sure how my 'affiliations with anon' [what? It's not even a group] matter here.)

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • gsrdgrdghd Member
    edited May 2012

    @joepie91 said: (Additionally, I'm not sure how my 'affiliations with anon' [what? It's not even a group] matter here.)

    They don't really matter (and i don't think anyone here cares), i just provided it as an explanation to @liam why you know all those people.

    President Of Operations/CEO/CFO/CTO/COO of my account

  • jarland Member
    edited May 2012

    It's not hard to have affiliations with "anonymous." Anyone can post on _chan.___ Fill in the blanks with anything really...

    jarland.me | Read about my new hosting experiment.

  • @liam said: Any hackers you don't know?

    Jesus is a hacker, he was able to hack physics to walk on water!

    Daniel.

    Thanked by 2djvdorp Liam
  • jarland Member

    @Daniel Nobody owns the water. It's God's water.

    jarland.me | Read about my new hosting experiment.

  • @gsrdgrdghd said: They don't really matter (and i don't think anyone here cares), i just provided it as an explanation to @liam why you know all those people.

    Fair enough.

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • Hmmm...

    image

    My Advice: : VPS Advice
  • Liam Retired Staff

    @joepie91 I was just joking how you seem to know all the 'hackers' ;)

    Retired LowEndBox & LowEndTalk staff.
  • @jarland said: @Daniel Nobody owns the water. It's God's water.

    The fish own it.

    Daniel.

  • @Daniel said: The fish own it.

    Jesus pown'd it!

    My Advice: : VPS Advice
    Thanked by 1Infinity
  • @rds100 said: @ElliotJ I guess the same is true for most providers offering "live chat support". That's why I don't understand why people want to use live chat - it is insecure and open to such problems. It is not that hard to log in to your client area and submit a ticket..

    Phone is subject to the same problem, and people want their answers now, not in an hour, not in a day, whatever.

    Looking for support, sysadmin, etc. work: PM
    Working on VPSM
  • Shit. I hope my debit card wasn't leaked. Oh well, hopefully my bank will detect any weird charges if anything happens.

    I go onto Lowendbox to search for a VPS and get this bad news.... ugh.

    Shane Elmore | Programmer In Progress

  • Holy majoly.

    Do my eyes deceive me or has @DepotVPS_Shane returned...

    My Advice: : VPS Advice
  • @DepotVPS_Shane said: I hope my debit card wasn't leaked. Oh well, hopefully my bank will detect any weird charges if anything happens.

    If you used your card on whmcs.com then it has been leaked. I suggest you phone your bank rather than wait for something to happen.

  • @Asad: I might as well. I used licensepal but just to be safe....

    Shane Elmore | Programmer In Progress

  • So we have gathered this.

    WHMCS used HostGator and trusted HostGator with everything. HostGator clearly do not give a damn about their big customer's security, and after a few questions just hand the account over. WHMCS is at fault for using HostGator in the first place when they can clearly afford a dedicated server and clearly have the minimal skills to manage it. Everyone who had their credit card details at WHMCS is now screwed and should cancel their card ASAP and check purchases, as your details are now everywhere. WHMCS should have used a better method for storing CC data, perhaps each daily cron job a URL is sent to the admin where they enter the key to process the transactions.

    Daniel.
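
Daniel's suggestion above, that the key be entered by an admin at processing time instead of being left on the server, can be sketched as follows. This is an added example, not part of the thread and not WHMCS code; it swaps in a public/private key pair via Node.js `crypto`, and all function names and sample values are assumptions.

```javascript
// Added illustration; every name here is hypothetical, not WHMCS code.
const nodeCrypto = require("node:crypto");
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// One-time setup, done off the web server. The server keeps the public key and
// the passphrase-encrypted private key; the passphrase stays with the admin.
function setupKeys(adminPassphrase) {
  return nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: {
      type: "pkcs8", format: "pem",
      cipher: "aes-256-cbc", passphrase: adminPassphrase,
    },
  });
}

// Checkout path: needs only the public key, so it can write but never read.
function storeCard(publicKey, cardNumber) {
  const ct = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(cardNumber, "utf8"));
  return ct.toString("base64");
}

// Billing run: works only while the admin-supplied passphrase is in memory.
function readCard(encryptedPrivateKey, passphrase, stored) {
  const key = { key: encryptedPrivateKey, passphrase, ...OAEP };
  return nodeCrypto.privateDecrypt(key, Buffer.from(stored, "base64")).toString("utf8");
}

// What a full copy of the server (database plus key files) allows without the passphrase.
function serverCopyCanRead(encryptedPrivateKey, stored, guess) {
  try {
    readCard(encryptedPrivateKey, guess, stored);
    return true;
  } catch (err) {
    return false; // private key cannot be unlocked with a wrong passphrase
  }
}

function demo() {
  const pass = "constructed-admin-passphrase"; // constructed sample value
  const { publicKey, privateKey } = setupKeys(pass);
  const stored = storeCard(publicKey, "4111111111111111"); // constructed test card number
  return {
    billingRun: readCard(privateKey, pass, stored),
    serverCopyOnly: serverCopyCanRead(privateKey, stored, "wrong-guess"),
  };
}
```

The encrypted private key still sits on the server in this sketch, so the passphrase has to resist offline guessing; keeping the private key on a separate billing host removes that exposure.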

  • But what about us LicensePal people? :P

    I might just be calling the bank if LP is affected too...

    Shane Elmore | Programmer In Progress

  • @DepotVPS_Shane said: But what about us LicensePal people? :P

    Should be fine.

    Daniel.

  • Liam Retired Staff

    @DepotVPS_Shane

    Welcome back.

    Retired LowEndBox & LowEndTalk staff.