Comments
Unless someone wants to pull a Metallica on Napster scenario, probably nothing.
Depends on the extent of the damage to any stolen cards. Following SOP, nothing other than a cursory sniff and examination will be done unless the IP you used happens to be involved in other... monitored activity.
I'd bet money that nothing will happen to anyone but the original uploader. Well, them and the people that fucked around with stolen card info.
@bijan588 Offtopic: You do know your order page gives a 404?
I believe he shut it down because of this?
Today is a good day for 404 on order pages I'm afraid. I don't care what anyone says, WHMCS is never going live on my server again. If you can't keep your email under control, or even notice that it isn't, I can't trust your code.
We'll let it live for now until something comes along to replace it... Can't replace Rome in one night :P
We did however ask for a large credit to be placed on our bill hopefully they grant it so that we can keep our license while building an alternative :P
Shit happens
The same thing that happens to people who download every other leaked database out there. Nothing.
If your name and information are in the database, you have every right to check it out.
@PytoHost That it does, just removing myself from this particular pile of it
I don't think that's how it was done though from what I've heard? It seems like totally HostGator's fault.
They gained access to his email to interact with HostGator.
Email accesses happen every day, even a max character string is breakable... It could have happened easily any time to anyone. The problem I have is that HostGator gave away the needed information without even bothering to call the owner of the company about the request.
On top of that WHMCS reacted in exactly the opposite way they should have: They should have notified everyone first, then restored their licenses then their site. Instead they restored their site, restored their licenses and finally notified everyone. That's why I'm unhappy.
I'm not even important and I can't go any significant amount of time without noticing if I have lost access to my email or if there is activity on my email, at least on important accounts. Plenty of alerts capable of waking me. I doubt HostGator did this without ever sending one email to his address, and I simply cannot overlook the idea that I'm more paranoid about my important email accounts than the provider of such a profitable and vital piece of software. I'm not saying I can't be hacked, I'm saying I can't be caught unaware for a significant amount of time. It isn't to brag, I thought anyone with something to lose would do the same.
@Freek
I was being careful, I just moved the dir and 000ed it.
I now have it live again, temporarily.
According to their site:
"The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details."
-- So apparently this hacker not only knew access details, he knew the verification questions which leads me to believe disgruntled employee.
Correct. This is why it's not Hostgator's fault at all (and I'm not a fan of Hostgator).
This is 100% Matt's fault for running a company that makes $500,000+/MONTH and relying on a dedicated server with cPanel installed and "managed" by HG. He should have had his own servers and his own network admins and security techs. He's either cheap, stupid, or both. He has no excuse. At all.
This is the biggest fuck up I've seen in the hosting industry in a very long time. Maybe ever.
I agree. At least purchase a server from a big management company to manage the server and protect our data.
Enough derail, put it back on the main thread.
The sad part is most of them are full of shit and just have some pre-made scripts. At the level of cash they had they could have afforded to drop $60k/y on a good, solid, unix guy and have the whole thing running w/o a control panel.
I am not that worried about the whmcs.com database being leaked. I am more worried if their source code was leaked.
Every software has bugs. The bigger the software - the more bugs are there. And now the bad guys have access to all the source and can find bugs, which we cannot find and patch ourselves. This is bad.
I think what whmcs should do now is release the source officially.
Not 100% that source was taken.
I'm being hopeful in thinking that the only computer with ioncube's encoder would be Matt's personal dev box. I can't see him having ioncuber running on the dedi =\
Francisco
I didn't see the source anywhere. The install on their site was encoded.
Which is good, who knows what other accounts existed on the box though
I'm being hopeful. Cramming mod_sec/etc on your billing servers wouldn't be a terrible idea though.
Francisco
@Francisco let's hope, but...
First, such big software is not developed by just one man on his personal computer. They must have code repository, etc. Now it would be stupid to use the same server for both software development and their website, but... who knows. Considering WHMCS's Twitter got owned too, not sure what passwords, etc. the hackers were able to get.
The twitter was likely bound to the account in question and the people did a forgot password.
Given he hasn't reclaimed it, it makes me think a @gmail.com email got jacked and he didn't have the extra recovery settings there
Francisco
UGNazi gave this reason.
"Many websites use WHMCS for scams. You ignored our warnings. We spoke louder. We are watching; and will continue to be watching. #UGNazi"
Then again, there's thousands of emails and other things that people haven't gone through completely yet. The source could still show up somehow.
Jesus Christ, imagine it just being attached to some outbound email.
"Here ya go, lemme know when you want to start working on this all."
Fuuuuuu
Francisco
Uhm... maybe I'm crazy, but this company doesn't act like they own big software, they act like they're battling script kiddies not real world hackers :P