Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Looking for a VPS company that doesn't use WHMCS
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Looking for a VPS company that doesn't use WHMCS

Shane_ElmoreShane_Elmore Member
edited May 2012 in General

After the WHMCS hacking, I'm a bit reluctant to use a VPS host that use WHMCS, which is not only probably a bit judgemental, but smart considering what else could be wrong with WHMCS.

So, any VPS hosts that dont use WHMCS?

«1

Comments

  • KairusKairus Member

    Nothing wrong with WHMCS. It wasn't a fault in WHMCS that caused the leak (can't even call it a hack...)

  • subigosubigo Member

    @Kairus said: Nothing wrong with WHMCS. It wasn't a fault in WHMCS that caused the leak (can't even call it a hack...)

    Right. Until the next WHMCS exploit. Now, instead of having time to patch the exploit, you'll be hit before you even know it exists. There are multiple exploit scanners out there now that have the url and IP of every single active WHMCS install in the world. No need to search for them in Google anymore.

  • JacobJacob Member

    Linode do not use WHMCS.

  • tuxtux Member

    OVH don't use WHMCS

  • Those kind of scanners for whmcs explouts existed some times before the hack last days.

  • BHostBHost Member

    I can't say I know all the details of the WHMCS leak to comment fully, but it doesn't seem likely that you need run from any current providers just because they use WHMCS.

    We actually use Ubersmith instead of WHMCS, which would seem to put us very much in the minority here. That said until recently there was no automated integration of Ubersmith with SolusVM, so it had to be scripted oneself rather than the easy integration WHMCS provides.

  • subigosubigo Member

    @HerrMaulwurf said: Those kind of scanners for whmcs explouts existed some times before the hack last days.

    lol... Have you ever actually downloaded one of the old "all in one" scanners that were out there? They had maybe 200-300 IPs in there, not 67,000 IPs. There's a big difference.

  • Normally I don't use those scanners @subigo. And yes, 67k IPs in one scanner is quite... shitty.

  • AsadAsad Member

    @HerrMaulwurf said: Those kind of scanners for whmcs explouts existed some times before the hack last days.

    Well now they have the location of most active WHMCS installations out there, if they find an exploit and want to do it against every installation. It's just gotten a whole lot easier.

  • KairusKairus Member

    It's not difficult to find big companies running WHMCS, 2 minutes on WHT and you can find huge targets.

  • Wait, he's back? When did he come back?

    Thanked by 1SrvisLLC
  • The WHMCS leak will only affect those with Credit Card Details stored with them and people that use the same password everywhere. We use randomized passwords for every login and we do not store credit card details with them.

    Also most hosts only offer PayPal ( like us ) so even if (unlikely) there was a HUGE whmcs bug where every single install was vulnerable as long as you don't share passwords over tickets and you change the default password after receiving your VPS you should not have a issue.

    @subigo WHMCS has been working hard for years to provide a secure panel. From what I have seen over the years they have been working the hardest, and they are the ones that get the brunt of the hacking attempts to begin with, so if everyone switches to a competitor of them then they will be the ones getting the attacks. ( sort of like Mac v. Windows ) From what I've seen all that was leaked was Passwords,Credit Cards, a Normal WHMCS install, and their website. Not anymore then anyone could have gotten from hacking any website running WHMCS, so I doubt this shows a weakness in their software.

    :3 I'm done. lol.

    Thanked by 1Spencer
  • yomeroyomero Member

    XenVZ

    Thanked by 1Infinity
  • ElliotJElliotJ Member

    6Sync.com and Alvotech.de come to mind.

    @yomero said: XenVZ

    +1

  • raindog308raindog308 Administrator, Veteran
    edited May 2012

    @subigo said: Right. Until the next WHMCS exploit. Now, instead of having time to patch the exploit, you'll be hit before you even know it exists. There are multiple exploit scanners out there now that have the url and IP of every single active WHMCS install in the world. No need to search for them in Google anymore.

    So are you going to switch from WHMCS?

    https://zensix.com/clients/submitticket.php?step=2&deptid=11

  • subigosubigo Member

    @ErrantWeb said: @subigo WHMCS has been working hard for years to provide a secure panel. From what I have seen over the years they have been working the hardest, and they are the ones that get the brunt of the hacking attempts to begin with, so if everyone switches to a competitor of them then they will be the ones getting the attacks. ( sort of like Mac v. Windows ) From what I've seen all that was leaked was Passwords,Credit Cards, a Normal WHMCS install, and their website. Not anymore then anyone could have gotten from hacking any website running WHMCS, so I doubt this shows a weakness in their software.

    I never said anyone should switch. I just said future exploits will now be able to hit people before WHMCS warns them (not that WHMCS has a good track record or warning people in a timely manner). Personally, I'll probably start working on my own system this weekend, but I don't care what other people do.

  • subigosubigo Member

    See the above post. Yes. It will probably take a few months, but yes.

  • u4iau4ia Member

    interserver.net does not use WHMCS, and still falls into the LEB category starting at $6/mo. Linode is another I know of, but not LEB starting at $20/mo.

    edis.at was the only other one I knew of, but they actually switched over to WHMCS recently.

  • cedriccedric Member
    edited May 2012

    @ElliotJ said: 6Sync.com

    6sync uses WHMCS for their billing/ticket backend - https://secure.6sync.com/portal/?licensedebug

  • WHMCS (The system) was not hacked.

    I dont see the problem as of yet, I WILL be moving from WHMCS, but I am not in a hurry.

  • BuyVM uses WHMCS

    Truthfully, I don't give a crap. They can't leak anything more than what the official one did. Used paypal too, so surefine by me.

    Rule of thumb for me in hosting: never use your cc for it.

  • AldryicAldryic Member

    @Wintereise said: Rule of thumb for me in hosting: never use your cc for it.

    There's a reason that I removed all stored CCs and put an end to automated payments a couple years back.

  • RandyRandy Member

    whmcs is a great software, its still safe. 90% of the host are still using WHMCS.

  • NateN34NateN34 Member

    Hetzner does not use WHMCS.

  • HostBluff does not use WHMCS, you have to mail in your payments.

    Thanked by 2NateN34 maxexcloo
  • BHostBHost Member

    For all the talk of exploit scanners, I'm imagining that you can move your license between IPs, or reissue it?

    So all a host need do is change the IP of their WHMCS instance to avoid being in the list of 67k addresses referred to.

    Thanked by 1maxexcloo
  • miTgiBmiTgiB Member

    @BHost said: For all the talk of exploit scanners, I'm imagining that you can move your license between IPs, or reissue it?

    I've not looked at the exploit scanners, but anyone who has, are they by IP or URL? I tend to think by URL, and if true, you would need to change the location, not IP of your install to allude the scanners.

  • jarjar Patron Provider, Top Host, Veteran
    edited May 2012

    Some are URL, some are IP from the listings I've seen. I imagine it has to do with the state of things at the time you activated the license to the current IP/URL. But even then it was IP/subfolder or something, so URL still related. I guess a lot depends on what table they're running it off of.

  • BHostBHost Member
    edited May 2012

    @miTgiB said: I've not looked at the exploit scanners, but anyone who has, are they by IP or URL? I tend to think by URL, and if true, you would need to change the location, not IP of your install to allude the scanners.

    That would make sense and ofc be more of a problem. Haven't looked at the leak myself, just the fact that above was refering to IPs rather than hosts.

  • OliverOliver Member, Host Rep

    They're by IP and sub-directory, so there's a row in the table for the IP, and another for the subdirectory. So if you move your install to another subdirectory and or to another server altogether with a different subdirectory whoever scans you will get a 404.

    I just moved my install to a different subdirectory and had the license reissued...

Sign In or Register to comment.