Comments
Yeah. Just had a look through some of their backend files, the php coding is retarded.
That is the database of their own whmcs install?
Everything. Every last thing on their site is in the cpanel download.
Can I have those files
I think anyone in their database deserves access to what is now public, but providing them may present some legal concerns.
Somebody could silently pm me :P
It's so bad I've read the chat transcript of Matt's chat with HostGator after he discovered his server was compromised. Hopping into bed now.
Torrents! (I don't actually want a copy though).
You could easily see the seeder ip with torrent ~_~
I got the files, however I fail at importing them. Appears to be incomplete.. Maybe I didn't download the whole thing or something got corrupted.
No, it's not. Just tested. It takes some time.. but at this moment URLs work and all 3 files are still available. (I am not downloading them - out of my interest.)
This process is automatic. Your browser will redirect to your requested content shortly.
Please allow up to 5 seconds...
DDoS protection by CloudFlare
I know where you all live now. Who wants pizza delivered? (I didn't say I'm paying.)
The files are still up, it just takes a very long time to download them:
Yeah, too bad I have to download it with a browser (my home connection is too slow for this) ~_~
Where is this chat transcript?
Even popular hosting company like simplexwebs.com abused WHMCS/HostGator license
There is a 5.10 beta version from 12 of May in that rip as well. Is it public, cause I haven't seen it till now.
I don't suppose anyone's seen a press release from Hostgator over this yet?
If Matt really did contact the FBI and they accepted the case, you probably won't be seeing anything from them at all.
Mmm, got a point there. If it was pure soceng, really not much blame you can put on HostGator, so I suppose we'll see.
WHMCS didn't even send an email to their clients... For example I do not go frequently to their website to monitor their forums and blog and I am sure that a huge load of their users are the same and have no idea what has happened. This leak of the personal information can be exploited in so many ways.
Well I do believe hostgator ask for the last 4 of the last credit card used to pay for the invoice or your last paypal transaction id. I do believe not 100% sure on the paypal part. But I know about the credit card one.
@LiquidHost they just sent one, probably running through 30K+ clients atm.
To be honest neither do I. But when I hear about something like this, one of the first things I do is check the regular news mediums for the party involved :P
Someone mentioned earlier that a reseller had sent emails out.. I can understand that, they have nothing else to do but advise their clients and wait. I imagine the WHMCS chaps are fairly swamped with trying to lock things down while minimizing downtime for their own clients. Not to mention that they use (dun dun dun), WHMCS. So it's pretty understandable that they're wanting to make sure everything is locked down tight before they start a mass mail.
Not really trying to defend anyone... but it's not a bad thing to think past the immediate and avoid jumping to conclusions straightaway. Just my two cents.
even fraudrecord sent me the notification.. where are you matt..
You are absolutely right about that, however a lot of hours have passed without any email notification (saw someone posted they just started sending out one). I believe that a company of their size should have emergency backup plans ready.. It's been like 10 hours (or was it less, not sure) since it was announced they were hacked, plenty of time for an emergency backup plan to be executed and damage minimised. Cause in an event like this (personal data and especially credit cards being leaked) - every minute is important for the end clients.
I apologise for my bad English, it's not my native language.. Hope that you could understand me.
Loud and clear sir, and I do agree with you. Even a very short message linking to their forum post (in the interest of pushing the mail out quickly) would've been better... but I do understand their desire to make damn sure that their install was secure first.
They could have installed it anywhere and sent out the emails, or just extracted the customer names/emails from the database and mass mailed everyone.
http://i.imgur.com/rDR5e.png - Not really sure about that
I personally wouldn't bother checking that myself, would not stick my nose that deep.. The thing that I was curious about was actually their yearly revenue, it already got posted in here
Not really if the new installation is not secured. It is easy to trace the email