WHMCS.com website hacked - security precautions inside
  Post #16 (permalink)   05-22-2012, 07:04 AM
HD Amateur
 
Join Date: Oct 2011
Posts: 83

Status: qhoster is offline
It seems it is not the WHMCS software which is vulnerable, but low security on the WHMCS system side.
__________________
QHoster.com - Unlimited-Domain Hosting | Shared & Reseller with cPanel, Softaculous
Managed Linux and Windows RDP VPS - UK, Germany and USA | OpenVPN/PPTP Enabled
Instant setup | PayPal, Moneybookers, AlertPay, Perfect Money, WebMoney ,Bitcoin
 
 
 


  Post #17 (permalink)   05-22-2012, 07:58 AM
HD Addict
 
Join Date: Oct 2011
Posts: 177

Status: Bullten is offline
Quote:
Originally Posted by easyhostmedia View Post
Hostbill is OK, but only annual plans

But we are moving to Clientexec, since the WHMCS DB has been leaked we have had 4 client cancellation requests, so we have disabled our WHMCS client area and placed a note on our home page stating orders have been suspended.
I don't understand the reason for cancelling WHMCS. Their software was not vulnerable. Even at the time they were hacked, you were safe. You just need to change your details in the whmcs.com client area as a precaution. Big companies have been hacked in the past: Microsoft, Google, Yahoo (an XSS which brutally ****ed Yahoo emails), Kaspersky and many more. Did you stop using them?

So that means your business relies totally on the software the provider is giving you; you cannot take security measures by yourself. Clients cancelled orders because whmcs.com was hacked; they must be someone special who doesn't understand technology too much. WHMCS even brought their validation server online after 50 min. So what do you expect from a company who understands the client issue and first brings the needful things online instead of the other major things they could have done?

The guys who understand these things won't ever leave a company with a proper reason to do so.
 
 
 


  Post #18 (permalink)   05-22-2012, 08:04 AM
HD Amateur
 
Join Date: Feb 2012
Location: Manchester
Posts: 67

Status: Posilan is offline
Quote:
Originally Posted by easyhostmedia View Post
since the WHMCS DB has been leaked we have had 4 client cancellation requests, so we have disabled our WHMCS client area and placed a note on our home page stating orders have been suspended.
This is a silly knee-jerk reaction. It's only going to cause your business more damage than good. By posting that on your website, you are almost admitting (incorrectly) that your customers should be worried that their data has been compromised.

WHMCS scripts themselves were not hacked. They just managed to obtain root/cpanel access to the server and took a full backup/sql dump.

The only matters for concern for you are the contents of support tickets (if you gave them login details, they should have only been temporary user/passes anyway!) and if your credit card details were stored there.

Steve
__________________
Posilan Ltd - Manchester, United Kingdom - +44 (0)161 660 7471
Complete IT services - www.posilan.com
UK Web Hosting | Cloudlinux cPanel | Softaculous | Domain names | VPS | Colocation
 
 
 


  Post #19 (permalink)   05-22-2012, 09:42 AM
HD Wizard
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,431

Status: easyhostmedia is offline
The whole of the WHMCS database has been made publicly available by the hackers, so all details held by WHMCS have now been made public. Also, when I have clients leaving me due to this then I will take action.
__________________
Terry Robertson - CEO The Easyhost Media Group
PowerSSL - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


  Post #20 (permalink)   05-22-2012, 10:03 AM
HD Amateur
 
Join Date: Feb 2012
Location: Manchester
Posts: 67

Status: Posilan is offline
Quote:
Originally Posted by easyhostmedia View Post
The whole of the WHMCS database has been made publicly available by the hackers, so all details held by WHMCS have now been made public. Also, when I have clients leaving me due to this then I will take action.
I'm aware of the leaked data and the main concerns would be if you have stored a credit card or if you put information in tickets that ought not to be there such as still live passwords etc.

If your customers have been worried about it, it would have been far better (IMO) to reassure them that none of their information had been compromised and it was not your server that had been hacked, rather than plaster a banner across your website stating WHMCS had been hacked and you have shut down your online ordering system as a result - this alone is likely to cause panic to your customers who probably were either unconcerned or not aware of the problem in the first place.

Remember - the hack that happened can happen on any platform - it was not caused by WHMCS software.

Steve
 
 
 


  Post #21 (permalink)   05-22-2012, 10:11 AM
HD Wizard
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,431

Status: easyhostmedia is offline
Quote:
Originally Posted by Posilan View Post
I'm aware of the leaked data and the main concerns would be if you have stored a credit card or if you put information in tickets that ought not to be there such as still live passwords etc.

If your customers have been worried about it, it would have been far better (IMO) to reassure them that none of their information had been compromised and it was not your server that had been hacked, rather than plaster a banner across your website stating WHMCS had been hacked and you have shut down your online ordering system as a result - this alone is likely to cause panic to your customers who probably were either unconcerned or not aware of the problem in the first place.

Remember - the hack that happened can happen on any platform - it was not caused by WHMCS software.

Steve
I have reassured my clients and only placed one line on my page after reassuring my clients, stating that due to the WHMCS hack the client area has been disabled and ordering suspended.

But these clients have also read the WHT thread that doubts the security WHMCS has in place with HostGator etc.
If clients leave this reduces revenue, so I have to do something about this, and if this means moving from WHMCS then this is what I am prepared to do. I have just paid my WHMCS invoice so this will remain up for a month to see if anything happens, but I am moving my clients to a CE install (at least they own their equipment and use in-house techs etc.).
 
 
 


  Post #22 (permalink)   05-22-2012, 10:13 AM
HD Addict
 
Join Date: Jan 2012
Location: Indianapolis Indiana
Posts: 145

Status: agentblack is offline
Sad day indeed. Hopefully they are able to get things corrected and not too many details were unencrypted.

easyhostmedia, I wouldn't suggest pulling a "knee jerk reaction" and bailing to a different billing system. It is A LOT of work to build a new billing system correctly for your products and make sure the flow of things is proper.

While we use ClientExec currently and it works for us, it is lacking in several features that we wish we had, that are included by default in WHMCS. We used WHMCS in the past but it had a bug that they were less than enthused about fixing so we left. However, that issue has been resolved and we would love to switch back; however, when comparing apples to apples, rebuilding everything we have in our current billing system into a new one is not a cheap or easy task.

Sure they have import scripts but I have seen those go horribly wrong and not work properly. Plus we would now have to teach/tell our clients how to use the new billing system after they are already comfortable with the current system.

My suggestions for any host running WHMCS or any billing machine for that matter: DON'T PANIC!!! Start immediately with a top down/inside out, every square inch security inspection of your billing servers. Disable unneeded ports, use complex passwords greater than 16 characters, disable root access if possible, install a good firewall, review logs for any strange activity, and be honest with your clients.

Honesty with your clients will go a long ways to improve your relations with them during times of outages or what not. Who likes to admit they made a mistake or they are having network issues? No one obviously, but clients appreciate the honesty and are more likely to stay with you after the trouble passes if you take care of them.

Easyhostmedia, I think what you should do at this point is email your clients, explain the issues, give them steps to take to secure their WHMCS accounts and their user accounts on the servers, disable the orders for a day or so to do your security audit, post a message on your systems as to WHY you are doing such things and give them a time frame on when it will be completed.

Also talk to the clients who canceled, find out why they canceled and see if you can dispel any misinformation they may have. Who knows, going above/beyond might earn you a bigger chunk of their business.

Everyone just needs to take a deep breath about this incident and not make any rash decisions until more details come out, but a top down security audit is probably in order anyways for everyone.
__________________
Agent Black Web Hosting - Stop being an account number, come to the host who treats you like the individual you are. Offering Shared, Cloud Servers, Dedicated Servers, and Domain Name Registrations.
 
 
 


  Post #23 (permalink)   05-22-2012, 10:23 AM
HD Addict
 
Join Date: Oct 2011
Posts: 177

Status: Bullten is offline
I don't understand why your clients need to worry. Did whmcs.com have your site database? Was your site database leaked? Did your clients order something from you and you stored their info in the whmcs.com database? Are you Matt, the owner of WHMCS, also running a hosting business? What problem did you and your clients face? Just think before moving to someone else.

What if someone gains access to your client's email ID, opens a ticket and asks for server login details? Won't you provide them? If no, then they are going to leave you too. If yes, then that means you are also vulnerable and customers should leave you.

Now tell me, WHMCS was hacked and you were using it. Sincerely, no one should use you as a hosting provider. Why should they use you when you use something which was hacked?

There are many things to understand, not just saying anything and doing things without a reason.
 
 
 


  Post #24 (permalink)   05-22-2012, 10:31 AM
HD Amateur
 
Join Date: Feb 2012
Location: Manchester
Posts: 67

Status: Posilan is offline
Quote:
Originally Posted by easyhostmedia View Post
I have just paid my WHMCS invoice
Ironically, ours renewed yesterday and now they've restored the site we got an overdue payment email a while back as the restored system has no knowledge of the payment.

Waiting for a ticket reply on that one

Steve
 
 
 


  Post #25 (permalink)   05-22-2012, 10:34 AM
HD Guru
Join Date: May 2009
Location: Florida, USA
Posts: 878

Status: HostLeet is offline
Very unfortunate, indeed..

It's a good thing I pay all my invoices with them, using PayPal, so no card details will be compromised.

I wish Matt and WHMCS the best of luck, and I hope they can learn from this so that it NEVER happens again.
__________________
HOSTLEET.COM, LLC - Elite Website Hosting Since 2008!
Fast Reliable Affordable Secure Friendly & Courteous
RISK-FREE Money Back Guarantee PCI-Compliant Checkout
 
 
 


  Post #26 (permalink)   05-22-2012, 10:46 AM
HD Wizard
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,431

Status: easyhostmedia is offline
Spoke at length to one of the WHMCS techs on the phone early today (since this happened I have had about 1 hr's sleep) locking down everything, emailing clients with updates as Matt released them and even telephoning clients.
Don't forget the hackers had control of the licence servers as Matt had everything on the 1 box, so they have every licence issued along with install directories and IPs used.

I actually had 23 clients request cancellation once the DB was released by the hackers, but after many hours on the phone etc. most have withdrawn the cancel requests; I still have 4 that still want to leave if I stay with WHMCS.

WHMCS are under a major DDOS attack at the moment (since 1am) so their site is up and down.

I have still taken orders today, but manually: when anyone has contacted me I have asked them to state the plan and provide their details through livechat, and I have manually invoiced them and manually set up the order on the servers.
 
 
 


  Post #27 (permalink)   05-22-2012, 10:58 AM
HD Amateur
 
Join Date: Feb 2012
Location: Manchester
Posts: 67

Status: Posilan is offline
Quote:
Originally Posted by easyhostmedia View Post
Spoke at length to one of the WHMCS techs on the phone early today (since this happened I have had about 1 hr's sleep) locking down everything, emailing clients with updates as Matt released them and even telephoning clients.
Don't forget the hackers had control of the licence servers as Matt had everything on the 1 box, so they have every licence issued along with install directories and IPs used.

I actually had 23 clients request cancellation once the DB was released by the hackers, but after many hours on the phone etc. most have withdrawn the cancel requests; I still have 4 that still want to leave if I stay with WHMCS.
That's totally bizarre - we have had one client ask us if we had heard what had happened. That's it.

Do you maybe think that your emailing customers and posting on your website has worried your customers more than necessary and in turn given them the feeling that their data had been compromised and causing them to panic?

As for them getting the install directories and IP addresses, well the IP address you can get with a ping, the licence information by adding /?licensedebug to the end of the installation URL and the install directory shouldn't be an issue if the box is secure anyway.

Steve
 
 
 


  Post #28 (permalink)   05-22-2012, 11:08 AM
HD Wizard
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,431

Status: easyhostmedia is offline
Quote:
Originally Posted by Posilan View Post
Do you maybe think that your emailing customers and posting on your website has worried your customers more than necessary and in turn given them the feeling that their data had been compromised and causing them to panic?
I never had 1 enquiry after posting the basic information of the hack and that our server was secure and not compromised. It was only after it was reported (not by me) that the hackers had made publicly available the WHMCS DB that clients started to contact me, and this is when I placed the notice on my site.
 
 
 


  Post #29 (permalink)   05-22-2012, 11:15 AM
HD Amateur
 
Join Date: Feb 2012
Location: Manchester
Posts: 67

Status: Posilan is offline
Quote:
Originally Posted by easyhostmedia View Post
I never had 1 enquiry after posting the basic information of the hack and that our server was secure and not compromised. It was only after it was reported (not by me) that the hackers had made publicly available the WHMCS DB that clients started to contact me, and this is when I placed the notice on my site.
Ah well, hopefully lessons will be learnt by WHMCS (it sounds like they are setting up some form of proper infrastructure now) to prevent similar in the future.

It's a difficult time for the guys at WHMCS, but it could have been a lot worse - at least it wasn't an exploit in WHMCS itself - that would have been worrying.

Steve
 
 
 


  Post #30 (permalink)   05-22-2012, 11:20 AM
HD Wizard
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 5,431

Status: easyhostmedia is offline
This will place the release of 5.1 on the back burner.

Last edited by easyhostmedia : 05-22-2012 at 11:22 AM.
 
 
 