Hosting Discussion

Hosting Discussion (https://www.hostingdiscussion.com/)
-   Web Hosting Discussion (https://www.hostingdiscussion.com/web-hosting-discussion/)
-   -   WHMCS.com website hacked - security precautions inside (https://www.hostingdiscussion.com/web-hosting-discussion/29572-whmcs-com-website-hacked-security-precautions-inside.html)


easyhostmedia 05-21-2012 11:10 AM

WHMCS.com website hacked - security precautions inside
 
As you may be aware whmcs.com (the website) has been hacked. Unfortunately this means they would have gained access to the tickets & personal details on the WHMCS website.

I'm posting this in order to make sure you take the best steps for safety if using WHMCS.

I recommend the following:

- change all passwords including WHMCS, cPanel, WHM
- if you had your credit card details stored with WHMCS cancel the card with your bank immediately
- change your PayPal login for safety
- make a backup of your WHMCS database and website files (to be on the safe side)

You may also want to limit access to your client area under setup > general settings > maintenance mode until the problem is diagnosed by WHMCS.

Note: If you can't login to WHMCS don't panic, it's because their licensing server is offline.

The main communication spot for WHMCS customers appears to be the following thread which I recommend subscribing to for updates from WHMCS:

http://www.webhostingtalk.com/showthread.php?p=8137981

Bullten 05-21-2012 11:47 AM

wtf man....

easyhostmedia 05-21-2012 11:55 AM

Quote:

Originally Posted by Bullten (Post 154799)
wtf man....

its 100% true and Matt had his own emails compromised. the hacker has even taken control of the WHMCS tweets.

Bullten 05-21-2012 11:56 AM

hmmm. r u sure it isnt the software issue?

easyhostmedia 05-21-2012 11:58 AM

no read

http://www.webhostingtalk.com/showthread.php?p=8137981

it was def hacked. latest tweet

Full #database of http://www.whmcs.com will be #leaked soon. - Cosmo #UGNazi @UG @JoshTheGod @ThaCosmo @le4ky

Artashes 05-21-2012 12:35 PM

You'd think that companies that are expected to set the standards would follow basic principles in protecting customer data. After all, it is not the first nor the last company to become a victim of an attack. In recent memory, WebHostingTalk has lost data and their customer billing details have been leaked due to same PCI compliance issues.

How much money one has to earn to start thinking about investing in proper security? Where does this mentality of being untouchable come from?

I am extremely sad that it happened and I hope that the team behind WHMCS will do their best in minimizing the impact on their customers and themselves. I wish Matt the best of luck in dealing with this nightmare. There is absolutely nobody who ever wants to be in this position.

Jgwynne 05-21-2012 12:55 PM

That's not good for WHMCS.

how many million's of people use it (including me!)

joe

easyhostmedia 05-21-2012 12:56 PM

Quote:

Originally Posted by Artashes (Post 154804)

How much money one has to earn to start thinking about investing in proper security? Where does this mentality of being untouchable come from?
.

well they are on a managed server with Hostgator so say no more

easyhostmedia 05-21-2012 02:40 PM

I just wonder how many WHMCS users are unaware of this hack that could of had their own installations compromised.

If Jack from zomex had not messaged me then i would have not know

keshavmhin23 05-21-2012 09:28 PM

WHMCS and Licensepal both have send email to their customers as i received one email from them too, thus i believe most of the user shall be now aware of the issue, i myself have immediately reset our all passwords shared to whmcs for security reasons as required.

handsonhosting 05-21-2012 11:16 PM

Sad that the database information, and server login information (from inside tickets) were also all compromised.

Thankfully our information isn't on file with them, but there thousands of people who are on file. It'll be interesting to see how things play out here over the next few days/weeks.

rds100 05-22-2012 12:50 AM

I am not that worried about the whmcs.com database being leaked. I am more worried if their source code was leaked.
Every software has bugs. The bigger the software - the more bugs there are. And now the bad guys might have access to all the source and can find bugs, which we cannot find and patch ourselves. This is bad.
I think what whmcs should do now is release the source officially.

easyhostmedia 05-22-2012 02:09 AM

UGNazi Leaks 1.7 GB of Data from WHMCS Servers

http://news.softpedia.com/news/UGNaz...s-270914.shtml

how much more will they leak out. i think its time to move

rds100 05-22-2012 02:42 AM

@easyhostmedia move to what? Can you point us to something better, or at least on par with whmcs?

easyhostmedia 05-22-2012 05:05 AM

Quote:

Originally Posted by rds100 (Post 154818)
@easyhostmedia move to what? Can you point us to something better, or at least on par with whmcs?

Hostbill is OK, but only annual plans

But we are moving to Clientexec, since the WHMCS DB has been leaked we have had 4 client cancellation requests, so we have disabled our WHMCS client area and placed a note on our home page stating orders have been suspended.


All times are GMT -6. The time now is 07:31 AM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.1.0