Anyone else had their WHMCS Google gateway hacked?

  Post #1 (permalink)   11-30-2012, 04:08 PM
HD Addict
 
Join Date: Jun 2010
Location: Portland, Oregon
Posts: 115

Status: technut is offline
Information removed!
__________________
Hostmy1stweb.com - Affordable Web Hosting
HOSTING l SSL l DOMAINS l MODULES l SUBMISSIONS l AFFILIATES
Providing low cost "Value" Web Hosting since 1999.

Last edited by technut : 11-30-2012 at 04:29 PM. Reason: Safety
 
 
 


  Post #2 (permalink)   12-01-2012, 12:41 PM
HD Wizard
 
Join Date: Mar 2005
Location: Atlanta, GA
Posts: 2,264

Status: handsonhosting is offline
If you're seeing hacking going on in WHMCS, I recommend reporting to WHMCS immediately. You'll receive better responses and communication through their forums also.
__________________
Emerson Nogueira
http://www.HandsOnWebHosting.com
cPanel Web Hosting, Domain Registration, Managed VPS Servers
 
 
 


  Post #3 (permalink)   12-01-2012, 05:38 PM
HD Newbie
 
Join Date: Nov 2012
Posts: 48

Status: Criot is offline
Agreed with the above, you definitely need to report this to WHMCS asap. If it is actually a hacking, then this'll probably need to be patched by them as soon as possible before many other clients' billing systems are at risk.
 
 
 


  Post #4 (permalink)   12-02-2012, 12:51 AM
HD Addict
 
Join Date: Apr 2011
Location: Varna, Bulgaria
Posts: 100

Status: rds100 is offline
If it was a new WHMCS exploit you would see a lot of hosts being hit with it, before it gets widely known and patched. More likely it is something old and overlooked by the OP, like the well-known boleto module vulnerability.
 
 
 


  Post #5 (permalink)   12-02-2012, 09:09 AM
HD Addict
 
Join Date: Jun 2010
Location: Portland, Oregon
Posts: 115

Status: technut is offline
We have decided in the best interest of any WHMCS v5.0.3 user to re-post this information.

On 11/30/12, while using our WHMCS v5.03, we had to stop using our Google Checkout payment gateway as someone from a Turkey IP: 78.161.20.35 and Host: 78.161.20.35.dynamic.ttnet.com.tr hacked through our WHMCS and faked a payment of $97.95 from Google Checkout / Wallet.

Another WHMCS user has confirmed that this is indeed an issue. They had someone add funds via Google Checkout / Wallet and then apply the funds to their purchased service. The payment posts to WHMCS and all is green except that the transaction is fake and doesn't show in Wallet. Luckily we verify all orders/transactions.

I have contacted Matt at WHMCS but as yet have not been contacted. Should you like more detailed information please PM me.

Regards.


  Post #6 (permalink)   12-02-2012, 04:36 PM
HD Master
 
Join Date: Dec 2005
Posts: 353

Status: lowesthost is offline
WHMCS v5.0.3 is old
WHMCS Version: 5.1.2 is the current version
__________________
Lowest Host/Empire Technology LLC
Offering Quality Shared, Reseller, VPS servers, and Dedicated Servers
24x7 Tech Support http://empire-hosting.net
cPanel Licenses http://empire-hosting.net/buy-cpanel.html - Dedicated VPS /
 
 
 


  Post #7 (permalink)   12-02-2012, 04:40 PM
HD Addict
 
Join Date: Jun 2010
Location: Portland, Oregon
Posts: 115

Status: technut is offline
Quote:
Originally Posted by lowesthost
WHMCS v5.0.3 is old
WHMCS Version: 5.1.2 is the current version
Understood, but when we upgraded our sister site to v5.1.2 it had so many bugs we decided to not upgrade everywhere until they got it all sorted out. And we are not the only ones to not upgrade, we hear.

Thanks for the post.


  Post #8 (permalink)   12-02-2012, 04:43 PM
HD Addict
 
Join Date: Jun 2010
Location: Portland, Oregon
Posts: 115

Status: technut is offline
WHMCS has identified the cause of the problem and are currently testing a solution to it. As soon as that's complete they'll be releasing an update which they expect to be within the next 12-18 hours. In the meantime simply disabling the Google Checkout module, or deleting the callback file from the /modules/gateways/callback/googlecheckout.php location will protect you against this and ensure you aren't at risk.

Regards.


  Post #9 (permalink)   12-03-2012, 08:13 AM
HD Master
 
Join Date: Dec 2005
Posts: 353

Status: lowesthost is offline
Looks like they found the issue; a patch was sent out this morning.


  Post #10 (permalink)   12-03-2012, 09:27 AM
HD Addict
 
Join Date: Jun 2010
Location: Portland, Oregon
Posts: 115

Status: technut is offline
Hello,

We received a reply from WHMCS this AM and understand the WHMCS Google Payment Gateway Addon hack has affected all versions of WHMCS.

=================================
Please read Matt's reply below:

"I'm pleased to advise that a patch is now available for this. The full details can be found @ http://forum.whmcs.com/showthread.php?64778

The Google Checkout issue I can confirm does affect all versions.

Any problems or questions, please let me know.

Regards,

Matt"


  Post #11 (permalink)   12-03-2012, 04:13 PM
HD Addict
 
Join Date: Jun 2010
Location: Portland, Oregon
Posts: 115

Status: technut is offline
It wasn't really made clear in the security alert email if the Google Checkout issue affects 5.0.3, so I emailed WHMCS to clarify.

"Hello

Yes, 5.0.3 is affected also; however, with 5.0.3 you can simply apply the 5.1 modules/gateways/callback/googlecheckout.php. You don't need to apply the dbconnect from 5.1 (this will stop your install working).

If you have any further questions, just let us know.

Regards


  Post #12 (permalink)   12-03-2012, 07:01 PM
HD Wizard
 
Join Date: Mar 2005
Location: Atlanta, GA
Posts: 2,264

Status: handsonhosting is offline
Looks good, thanks for the update! I saw the security alert come in from WHMCS last night and while the issue didn't affect us directly, it's nice to see it all got resolved.

Thanks for the update here on the forums!


  Post #13 (permalink)   12-05-2012, 07:45 AM
HD Addict
 
Join Date: Nov 2012
Posts: 168

Status: Epidrive is offline
Not that I'm aware of, no.
I believe the new patch of WHMCS is already clean.
__________________
Epidrive Webhosting Solutions
Click here to see our running promotions!
Like us on Facebook: fb.com/epidrive
Follow us on twitter: twitter.com/epidrive
 
 
 


  Post #14 (permalink)   12-05-2012, 10:41 AM
HD Addict
 
Join Date: Jun 2010
Location: Portland, Oregon
Posts: 115

Status: technut is offline
We are personally letting everyone know: if you had any kind of [SQL Injection] attack before applying the latest security patch issued from WHMCS, you were at risk in other areas of your WHMCS application, so be aware and thoroughly check your application data!

Regards.


  Post #15 (permalink)   12-05-2012, 01:11 PM
HD Newbie
 
Join Date: Nov 2012
Posts: 48

Status: Criot is offline
Quote:
Originally Posted by technut
We have decided in the best interest of any WHMCS v5.0.3 user to re-post this information.

On 11/30/12, while using our WHMCS v5.03, we had to stop using our Google Checkout payment gateway as someone from a Turkey IP: 78.161.20.35 and Host: 78.161.20.35.dynamic.ttnet.com.tr hacked through our WHMCS and faked a payment of $97.95 from Google Checkout / Wallet.

Another WHMCS user has confirmed that this is indeed an issue. They had someone add funds via Google Checkout / Wallet and then apply the funds to their purchased service. The payment posts to WHMCS and all is green except that the transaction is fake and doesn't show in Wallet. Luckily we verify all orders/transactions.

I have contacted Matt at WHMCS but as yet have not been contacted. Should you like more detailed information please PM me.

Regards.
In which case, upgrading to the latest version of WHMCS may patch this issue.
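
The manual check described in post #5 (a payment shown as paid in the billing system that never appears in Wallet) can be automated by reconciling the billing records against the processor's own records. This is an added example, not code from the thread or from WHMCS; the CSV layouts, column names, the "CHARGED" state value and all sample rows are constructed assumptions.

```python
import csv
import io
from decimal import Decimal

# Constructed sample exports. Column names are assumptions for illustration,
# not the real WHMCS or Google Checkout / Wallet export formats.
BILLING_CSV = """\
invoice_id,gateway,transaction_id,amount
1001,googlecheckout,GC-0001,24.95
1002,paypal,PP-7781,9.95
1003,googlecheckout,GC-0002,97.95
1004,googlecheckout,GC-0003,49.00
"""
PROCESSOR_CSV = """\
transaction_id,amount,state
GC-0001,24.95,CHARGED
GC-0003,4.90,CHARGED
"""

def load_rows(text):
    """Parse a CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(billing_rows, processor_rows, gateway="googlecheckout",
              settled_states=("CHARGED",)):
    """Return (invoice_id, transaction_id, reason) for every payment the
    billing system recorded that the processor's records do not back up."""
    settled = {r["transaction_id"]: Decimal(r["amount"])
               for r in processor_rows if r["state"] in settled_states}
    findings, seen = [], set()
    for row in billing_rows:
        if row["gateway"] != gateway:
            continue
        txn, amount = row["transaction_id"], Decimal(row["amount"])
        if txn in seen:
            reason = "transaction id reused"
        elif txn not in settled:
            reason = "not in processor records"
        elif settled[txn] != amount:
            reason = f"amount mismatch (processor has {settled[txn]})"
        else:
            reason = None
        seen.add(txn)
        if reason:
            findings.append((row["invoice_id"], txn, reason))
    return findings

if __name__ == "__main__":
    for inv, txn, why in reconcile(load_rows(BILLING_CSV), load_rows(PROCESSOR_CSV)):
        print(f"invoice {inv} txn {txn}: {why}")
```

Run against real exports, any finding means the billing system accepted a payment notification that the processor never settled, which is the symptom reported in this thread.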
 
 
 