Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WHMCS Hacked - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WHMCS Hacked

2456724

Comments

  • PhilNDPhilND Member

    Just taken ours off. Better start doing it guys.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @Jack said: I suggest something comes out asap! I don't want to use WHMCS anymore I don't feel safe with it.

    The only alternative was hostbill and they're kinda merrrr from what loveVPS was saying.

    Francisco

  • AsadAsad Member

    Running ?licensedebug&forceremote on any installation takes it offline, I thought they cached licenses if the server was down for situations exactly like this?

  • jarjar Patron Provider, Top Host, Veteran

    Compressed, hidden, crippled. So, how's hostbill?

  • TaylorTaylor Member

    Well someone is going to have a sleepless night.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @AsadHaider said: Running ?licensedebug&forceremote on any installation takes it offline, I thought they cached licenses if the server was down for situations exactly like this?

    By default WHMCS' authentication software caches for like 4 - 5 days. They had a few times back in their WHMCS 3 days where they had a day+ downtime due to some equipment issues I think?

    Francisco

  • This is really fucking worrying.

    Did you guys put it in matianance mode or how did you do it?

  • gsxgsx Member

    I used Clientexec for my business. It has improved a lot in the past two years although there is still a long way to go.

  • PhilNDPhilND Member

    @bijan588 mv the dir, chmod 000 new one, put up notice.

  • @gsx said: I used Clientexec for my business. It has improved a lot in the past two years although there is still a long way to go.

    ClientExec misses a lot of plugin support.

  • AsadAsad Member

    @Jack said: I tried it and it killed my install saying "INVALID"

    Well done, your WHMCS is going to be offline until whmcs.com comes back up. :)

  • @PhilND going to be a pain from my phone.

  • TaylorTaylor Member

    @PhilND said: put up notice.

    Well said

    Due to @WHMCS Being attacked, we've shut down billing for now, support can be contacted at [email protected]

  • Someone has done it to me, darn.

  • jarjar Patron Provider, Top Host, Veteran
    edited May 2012

    @bijan588 I compressed the directory and deleted it.

  • TaylorTaylor Member

    Better pay some invoices before its to late.

  • gsxgsx Member

    @Daniel I agree that Clientexec does miss a lot of plugin support, but we usually deployed accounts manually to review the order. Now we only provide consulting and web design, so only basic invoicing and support is needed.

  • AsadAsad Member

    Looks like they have access back, site shows a maintenance message.

    This site is under maintenance

  • Still loading to ugnazi here, took down our whmcs install ;-)

  • I found out how they were hacked.

    They used social engineering at HostGator to get Matts (from WHMCS) password.

  • TaylorTaylor Member

    @StableVDS said: Still loading to ugnazi here, took down our whmcs install ;-)

    >

    I bet the hosts with nulled WHMCH installed are laughing :p

  • TaylorTaylor Member

    @Daniel said: I found out how they were hacked.

    >

    Any sources to that?

  • PhilNDPhilND Member

    @Daniel Explains it... hostgator are monkeys. I would NEVER use them for 'managed' hosting

  • @liam said: Did Matt tell you this?

    No, I gave the source.

  • @liam said: I hadn't seen the other posts.

    Ah ok.

  • AsadAsad Member

    That's bad security, we let know all our hosts that if there is ever anything needed on servers (root password resets, reinstalls, etc.) then they have to confirm it by phoning up our office.

  • raindog308raindog308 Administrator, Veteran
    edited May 2012

    @Daniel said: They were hacked by the "Ex-Leader of Lulzsec".

    No doubt that with this bold action, he has struck a blow for the poor, disadvantaged...er...right, another pimply-faced teenage attention whore.

    Alternatives to WHMCS?

    Hostbill - pay up front for a year, which turns me off

    Blesta - no experience, though the name sounds like a curse my Italian father might have used

    ClientExec

    WHMAutoPilot

    IP.Nexus - yeah, actually this is an option as it has cpanel/whm integration, etc. However, it's an add-on to IP.Board so you'd have to own or purchase that as well.

    Although I haven't setup shop yet, I'll probably continue hacking on WHMCS because I find its code really nice and easy to work with.

    If the hacker really wanted to be a jerk, he could publish the non-ion'd source code.

  • @raindog308 said: I'd point out that it's quite possible that their web site (whmcs.com) might have been hacked but the actual WHMCS code might be fine - there could have been a vulnerability in main part of their site.

    They probably have the WHMCS source now

  • SpiritSpirit Member

    Who's peformer of the catchy music in the background of those hackers page?

Sign In or Register to comment.