Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

WHMCS Hacked - Page 9

WHMCS Hacked

1679111216

Comments

  • Someone has already made a script and put it on Pastebin, it goes through the entire database and decrypts all the CC info.

    Daniel.

  • Mon5t3rMon5t3r Member
    edited May 2012

    @djvdorp gandi.net $50 USD ~ £30

    Yes! I'm with Carstensz Pyramid Server Now stop asking me please :D
  • @Daniel said: Someone has already made a script and put it on Pastebin, it goes through the entire database and decrypts all the CC info.

    Yep, I've tested the script and it works. Got my company details and credit card.

  • MrAndroidMrAndroid Member
    edited May 2012

    @AsadHaider said: Yep, I've tested the script and it works. Got my company details and credit card.

    Ouch!

    I hope you cancelled your card.

    Daniel.

  • @Daniel said: I hope you cancelled your card.

    First thing I did yesterday when news broke of the hack.

  • Just wondering, say if you download the files, can you get in trouble for it?

    Insidiea

  • djvdorpdjvdorp Member

    link pl0x?

    I use http://tuxlite.com to configure all my VPSes and I love it!

  • @Insidiea said: Just wondering, say if you download the files, can you get in trouble for it?

    I wouldn't think so, as long as you don't do anything malicious or redistribute the data.

    Daniel.

  • just google search for: whmcs credit card script

    That's what i did.

    Proud member of the VPS Collectors Club

  • WilliamWilliam Member

    The CCs don't include CCV2... right?

    Opinions/Posts are to be assumed my own/personal and not company related unless obvious - Content is protected by free speech laws in the US (where LET is hosted) and Austria (where i live). I am currently not working @ EDIS due to health issues.

    Thanked by 1DanielM
  • DanielMDanielM Disabled

    @William said: The CCs don't include CCV2... right?

    I amagine they will do.

  • @William said: The CCs don't include CCV2... right?

    They include everything needed to charge your card.

    Daniel.

  • Mon5t3rMon5t3r Member

    @Daniel said: They include everything needed to charge your card.

    and ID card verification image too? (linode need this, but i never make any direct CC transaction except linode so i could be wrong)

    Yes! I'm with Carstensz Pyramid Server Now stop asking me please :D
  • WilliamWilliam Member

    @DanielM said: I amagine they will do.

    Interesting.

    Opinions/Posts are to be assumed my own/personal and not company related unless obvious - Content is protected by free speech laws in the US (where LET is hosted) and Austria (where i live). I am currently not working @ EDIS due to health issues.

  • Now if someone would use the passwords from this database, login to the peoples whcms and dump their databases i can only imagine it would be a shitload of CCs

    President Of Operations/CEO/CFO/CTO/COO of my account
    image

  • ElliotJElliotJ Member

    @djvdorp said: @ElliotJ where do you get them then?

    Hexonet.de - £29, although you have to pre-pay your account in USD (Confusing) That's the cheapest you can get as an EU resident - Gandi.net state their prices excluding VAT.

  • MrDOSMrDOS Member
    edited May 2012

    @Daniel said: They include everything needed to charge your card.

    Oh man. That's several kinds of PCI noncompliance, isn't it?

  • @MrDOS said: That's several kinds of PCI noncompliance

    Whats PCI?

    President Of Operations/CEO/CFO/CTO/COO of my account
    image

  • @gsrdgrdghd said: Whats PCI?

    Basically, a set of rules WHMCS must comply with for big companies and governments to use it.

    Daniel.

  • MrDOSMrDOS Member
    edited May 2012

    @Daniel said: Basically, a set of rules WHMCS must comply with for big companies and governments to use it.

    No. A set of rules anyone in the US must comply with to handle direct credit cards payments (as in, payments not through a payment service such as PayPal). Fines for noncompliance can be in order of hundreds of thousands of dollars per day of noncompliant operation.

  • @ElliotJ said: Hexonet.de - £29, although you have to pre-pay your account in USD (Confusing)

    Sweet, that is cheap. Just signed up to the site, do you mean CAD? Signed up to the Canadian one.

  • @MrDOS said: Fines for noncompliance can be in order of hundreds of thousands of dollars per day of noncompliant operation.

    Well since WHMCS is an UK and not an US company that shouldn't be any problem. However it was just plain stupid of them to store all CC details in "plaintext"

    President Of Operations/CEO/CFO/CTO/COO of my account
    image

  • So wait, isn't WHMCS the guys that would rage on you if you wanted to store your CC's within your own DB because it violated xyz laws or you needed heavy PCI compliance?

    Francisco

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel
    Thanked by 1djvdorp
  • rds100rds100 Member
    edited May 2012

    AFAIK it (PCI compliance) is not an US thing. It is Visa/Mastercard requirement. They are the ones who fine you.

  • SpencerSpencer Member

    @MrDOS said: No. A set of rules anyone in the US must comply with to handle direct credit cards payments (as in, payments not through a payment service such as PayPal).

    Exactly. That is why I don't run credit cards through my WHMCS and only do them through a 3rd party like WHMCS or 2co.

  • @MrDOS said: No. A set of rules anyone in the US must comply with to handle direct credit cards payments (as in, payments not through a payment service such as PayPal). Fines for noncompliance can be in order of hundreds of thousands of dollars per day of noncompliant operation.

    I stand corrected, I thought wrong.

    Daniel.

  • subigosubigo Member

    @rds100 said: AFAIK it (PCI complieance) is not an US thing. It is Visa/Mastercard requirement. They are the ones who fine you.

    Correct.

  • MrDOSMrDOS Member

    @rds100 said: AFAIK it (PCI complieance) is not an US thing. It is Visa/Mastercard requirement.

    My bad, then. I knew it was controlled by a conglomerate of credit card companies, but I thought they kept it within US borders.

  • InsidieaInsidiea Member
    edited May 2012

    @Daniel said: I wouldn't think so, as long as you don't do anything malicious or redistribute the data.

    Anyone else wants to add to this/confirm?

    Insidiea

  • @Insidiea said: Anyone else wants to add to this/confirm?

    Well this depends very much on your country's legislation. However even if its illegal to download/view it i don't think anybody who doesn't abuse the data would get in trouble for it.

    President Of Operations/CEO/CFO/CTO/COO of my account
    image

    Thanked by 1Insidiea
  • @Insidiea said: Anyone else wants to add to this/confirm?

    Well, I don't think it would hurt just to check what data of yours in there. Thats the reason I downloaded it.

    Daniel.

    Thanked by 1Insidiea
  • @Jack said: Dear Ken Nash (UptimeVPS),

    This is a confirmation email that you have registered with WHMCS. Your new account has been setup and you can now login to our client area using the details below.

    So did anyone actually try to login?

    President Of Operations/CEO/CFO/CTO/COO of my account
    image

  • DaosmbDaosmb Member
    edited May 2012

    @Daniel said: Well, I don't think it would hurt just to check what data of yours in there. Thats the reason I downloaded it.

    I'm a client, do I need to jump in and "check" things? Or is it "just fine"? :)

  • I have a quick question, I quickly skimmed through the 9 pages of this topic and didn't see an answer, I had a WHMCS license through LicensePal, canceled it quite awhile ago. So since I paid at LicensePal, WHMCS doesn't have my credit card details, right?

  • @Daosmb said: I'm a client, do I need to jump in and "check" things? Or is it "just fine"? :)

    If you tell me what to look for i can check it for you

    President Of Operations/CEO/CFO/CTO/COO of my account
    image

  • AsadHaiderAsadHaider Member
    edited May 2012

    @Legendlink said: So since I paid at LicensePal, WHMCS doesn't have my credit card details, right?

    Correct. You're credit card is safe.

  • @AsadHaider said: Correct. You're credit card is save.

    ... untill they get social engineered through their hosting provider....

  • @AsadHaider said: Correct. You're credit card is save.

    I think your meaning safe, if LicensePal was giving out CC info to WHMCS that would be worrying.

    Daniel.

  • @BlueVM said: Unfortunately you can't use stolen information in an investigation.

    Who says it's stolen? It may well be "public" found somewhere, which they CAN use in an investigation.

    Looking for support, sysadmin, etc. work: PM
    Working on VPSM
  • SpencerSpencer Member

    When will WHMCS get control of their twitter again ;(

    Thanked by 1Jeffrey
  • JeffreyJeffrey Member

    So, who's willing to hack ugnazi? :P

    My Blog | - [email protected] - 386-320-9435
  • SpencerSpencer Member

    @Jeffrey said: So, who's willing to hack ugnazi? :P

    That would be stooping to their level :p

  • AldryicAldryic Member

    @PytoHost said: That would be stooping to their level :p

    Not like pulling the leaked database to look up financial figures and personal information on other people, right? -_-;

    BuyVM - OpenVZ & KVM Based / TUN, PPTP, FUSE, SIT & GRE Enabled! / Stallion Control Panel || G+ / FB
  • SpencerSpencer Member

    @Aldryic said: Not like pulling the leaked database to look up financial figures and personal information on other people, right? -_-;

    Hahaha good point

  • subigosubigo Member

    A new WHMCS exploit scanner is being passed around IRC now. It checks for exploits on every single IP listed as active in the database. It's not that bad now (unless you never update WHMCS), but this is going to make future exploits a bad thing. It's not like most people are going to change their server IP just to protect themselves.

  • SpencerSpencer Member
    edited May 2012

    @subigo said: A new WHMCS exploit scanner is being passed around IRC now. It checks for exploits on every single IP listed as active in the database. It's not that bad now (unless you never update WHMCS), but this is going to make future exploits a bad thing. It's not like most people are going to change their server IP just to protect themselves.

    Phewww I just moved my WHMCS server today (unrelated to the hacking) Perfect day for this to happen!

  • @subigo said: A new WHMCS exploit scanner is being passed around IRC now.

    What shady IRC networks are you on?

    This signature is brought to you by the NSA. Spying on the entire world since 1952!

    Thanked by 3Spencer Aldryic Jeffrey
  • JackJack Member
    edited May 2012

    @TheHackBox said: What shady IRC networks are you on?

    . #lowendbox on irc.freenode.net

  • subigosubigo Member

    @TheHackBox said: What shady IRC networks are you on?

    You can find anything on Freenode, Captain.

Sign In or Register to comment.