
WHMCS Hacked - Page 8
Comments

  • subigo Member
    edited May 2012

    WHOA... WHMCS MONTHLY PROFIT

    My math was way off, because I wasn't loading entire rows. WHMCS currently has 67,302 active clients, most of which are monthly licenses. Now, let's say those licenses are the cheapest possible amount that Licensepal buys them for, about $7-8. That means...

    WHMCS currently rakes in about $530,000 per MONTH and that's conservative. There is absolutely no reason why they shouldn't have had a few dedicated server admins working for them.

    I'm in the wrong business.

    Thanked by 1: djvdorp
  • u4ia Member

    someone on WHT said: This is just terrible. We've played with this for the last 20 minutes, and have decrypted all the credit cards in the database, along with expiration dates, full billing address, first/last name etc.

    IF YOU HAVE YOUR CREDIT CARD ON FILE AT WHMCS, CALL AND CANCEL THE CARD NOW!

    http://www.webhostingtalk.com/showthread.php?t=1156920&page=35
    That's not good. I hope anyone who has a credit card on file sees this somewhere and cancels it.

  • u4ia Member

    I hope this isn't too ignorant a question, but the database only contains provider details, not the provider's client's details, correct?

  • subigo Member

    @u4ia said: someone on WHT said: This is just terrible. We've played with this for the last 20 minutes, and have decrypted all the credit cards in the database, along with expiration dates, full billing address, first/last name etc.

    IF YOU HAVE YOUR CREDIT CARD ON FILE AT WHMCS, CALL AND CANCEL THE CARD NOW!

    That's not good. I hope anyone who has a credit card on file sees this somewhere and cancels it.

    Confirmed on multiple IRC channels.

  • Kairus Member

    @subigo said: WHMCS currently rakes in about $530,000 per MONTH and that's conservative. There is absolutely no reason why they shouldn't have had a few dedicated server admins working for them.

    Holy....

  • gsx Member

    @subigo Time to write your own billing system :-)

  • subigo Member

    Yeah... and according to a few shady people on IRC, they already tested and charged a few of those cards... by... get this... ordering lifetime licenses on whmcs.com. Now, I'm not one to approve of credit card theft, but that's pretty fucking funny.

    Thanked by 2: TheHackBox, djvdorp
  • Saudi hack forum now decrypts credit cards

  • FRCorey Member

    Whew thanks to the hosting gods I used paypal to pay for WHMCS.

  • FRCorey Member

    Shame on WHMCS for not using a token gateway, they can kiss their PCI compliance goodbye.

    Also if it is true they lost all those credit cards, I smell a massive lawsuit, start looking into alternatives.

  • vrillusions

    @u4ia said: I hope this isn't too ignorant a question, but the database only contains provider details, not the provider's client's details, correct?

    I'd like to know this as well. I'd say it wasn't. If I understand how WHMCS works you still have a local install that occasionally phones home to make sure the license is valid but all the provider's client details are stored on a provider server. Hence why all the providers on here scrambled to shut down their WHMCS installs in case the hack was to the actual software.

    Thanked by 1: u4ia
  • A little off topic, but how is hostbillapp?

  • u4ia Member

    @vrillusions That's what I was thinking too, pretty much the way you put it.

  • http://blog.whmcs.com/?t=47660

    Following an initial investigation I can report that what occurred today was the result of a social engineering attack.

    The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.

    This means that there was no actual hacking of our server. They were ultimately given the access details.

    Umm... seriously? I don't know where the failure is on this but it's pretty big. I read somewhere their servers are from hostgator (don't quote me on that but heard it mentioned a few times). There should be some sort of pin that hopefully only they know and even better would be some kind of phone call loop where they call the registered phone number to verify the access or something...

  • Insidiea

    @FTN_Kevin said: Where is this chat transcript?

    Whmcs FIle\whmcs.com\mail\whmcs.com\matt\new\1337612825.H620466P1269.whmcs.whmcs.com,S=6865
  • subigo Member

    @vrillusions said: @u4ia said: I hope this isn't too ignorant a question, but the database only contains provider details, not the provider's client's details, correct?

    I'd like to know this as well. I'd say it wasn't. If I understand how WHMCS works you still have a local install that occasionally phones home to make sure the license is valid but all the provider's client details are stored on a provider server. Hence why all the providers on here scrambled to shut down their WHMCS installs in case the hack was to the actual software.

    Clients are safe as long as your host didn't provide WHMCS with any login information.

    Thanked by 1: u4ia
  • Awmusic12635 Member, Host Rep
    edited May 2012

    Not entirely sure why everyone is saying what should have been done or what should have happened. The fact is, it happened,

  • Adam Member

    Wonder if HostBill's marketing department will have the brains to profit off of this incident (releasing monthly licenses again).

  • @Subigo active license 15649

  • miTgiB Member
    edited May 2012

    Finally got an email to the email I use at WHMCS

    
    Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.
    
    To clarify, this was no hack of the WHMCS software itself, nor a hack of our server.  It was through social engineering that the login details were obtained.
    
    As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately.
    
    This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.
    
    We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.
    
    ----
    WHMCS Limited
    www.whmcs.com
    
  • Randy Member

    Sadly, I need to re-issue my keys and this happened :(

  • joepie91 Member, Patron Provider

    @Insidiea said: Whmcs FIle\whmcs.com\mail\whmcs.com\matt\new\1337612825.H620466P1269.whmcs.whmcs.com,S=6865

    Man, the Hostgator support department really seems to suck.

  • subigo Member

    @joepie91 said: @Insidiea said: Whmcs FIle\whmcs.com\mail\whmcs.com\matt\new\1337612825.H620466P1269.whmcs.whmcs.com,S=6865

    Matt is officially a fucking idiot. There's no way I can trust someone who runs a $500k/month company and has to go on Hostgator livechat to ask for help. The dude obviously has no idea how a server works and knows even less about security.

  • laaev Member

    I don't have access to the leaks, and do not have any interest in doing so. I'm keen to review the chat transcript, can anybody PM it to me please?

  • Long thread, but do the hackers already have the WHMCS sources and have they released them? That would certainly mean the end of the WHMCS business.

  • subigo Member

    @FTN_Kevin said: I don't have access to the leaks, and do not have any interest in doing so. I'm keen to review the chat transcript, can anybody PM it to me please?

    There's almost nothing to it. A little birdy told me it was here: http://pastebin.com/raw.php?i=5bBkZx6L

  • FRCorey Member

    Why are you people doing monthly licenses of anything? It's expensive. I purchased a WHMCS license and over 5 years renting it was over 2x the cost of paying for the unlabeled version, and that was including the yearly maintenance fees. Sure, if there was an 8 dollar HostBill out there that might make sense, but I think it was an effort to drive up more users.

  • subigo Member

    @FRCorey said: Why are you people doing monthly licenses of anything? It's expensive. I purchased a WHMCS license and over 5 years renting it was over 2x the cost of paying for the unlabeled version, and that was including the yearly maintenance fees. Sure, if there was an 8 dollar HostBill out there that might make sense, but I think it was an effort to drive up more users.

    I buy monthly, because I don't want to be locked into a year when something like this happens. ;)

  • Just read the live chat. Why didn't he "call" HostGator? This isn't something small like a simple website that doesn't hold any CC info or client details.
