New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
LOLOLOL,
The wiki is showing the hacked by annon shit.
Looks like many Shell scripts has been dropped in first hack. Don't know why he needs Cpanel. It is not so difficult to configure/manage server without any panel. He should first get rid of panel and run his forum, blog, main websites in separate Ubuntu or Debian servers.
I have disabled licensedebug for now on my install.
HostGator probably gave out his password again.
I present to you: http://www.haswhmcsbeenhackedtoday.com/
Thanks to joepie91 for the domain idea
Oh No!
Brilliant idea though, you should send it to the WHMCS developers so at least they know when their site is hacked.
Website use to work! Now it is pointing to the park page ugh
lol... If WHMCS ever goes a day without getting hacked again, you should put a "IT HAS BEEN XX DAYS SINCE THE LAST WHMCS HACK" image up.
HAHA good idea. Is the website loading for you or is just a parked page?
-Edit-
Its back now, must of been DNS caching issue
Its back now, must of been DNS caching issue
Yep, its loading here.
Wow, they are still hosting with HostGator even after all this. The members area and main site is on HostGator still.
I don't think it was hostgator's fault after this. Hostgator followed their established procedures.
The attacker knew he security questions and answers. The first attack is definately not Hostgator's fault. Don't know what happend during the second attack.
And I'm not a Hostgator fanboy, I don't have any services with them.
Woah i miss IRCing :S Is that channel worth a look?
Definitely not!
A little verification call from Hostgators side after a password change for a customer the size of WHMCS, wouldn't have been unreasonable.
lol ok then
Another update
http://pastebin.com/iDgfV8RM
$ host www.whmcs.com
www.whmcs.com is an alias for whmcs.com.
whmcs.com has address 50.116.115.104
$ host forum.whmcs.com
forum.whmcs.com has address 207.58.161.149
$ host blog.whmcs.com
blog.whmcs.com has address 207.58.161.149
It sounds that blog. and forum. has now been moved to somewhere in Servint.
In that case, their procedures simply weren't robust enough in this situation.
hOLY SHIT http://pastebin.com/KrRG81e4
@ElliotJ i guess the same is true for most providers offering "live chat support". That's why i don't understand why people want to use live chat - it is insecure and open to such problems. It is not that hard to login to your client are and submit a ticket...
no luck trying to decrypt the blobs
http://pastebin.com/FrHk9391
@gsrdgrdghd said: http://pastebin.com/FrHk9391
Thank you
My bad noobness, still don't know where are my faults
Now i know why it was not working. UG has changed the issuenumber blobs. lol!
lol, WHY Didnt the FBI take that cock sucker down, GearSec already released the Hacker's details
@Randy My guess is weekend and compiling the evidence. GearSec did a good thing there, but they aren't a legal authority. He'll be going down very soon.
they actiually got hold of his address , i think the hacker is not that stupid to put his address in public in the whois record right? LOL. its not a weekend? what are you talking about?