WHMCS.com Database Hacked!

Discussion in 'Security' started by PK-Host, May 21, 2012.

  1. #1
    PK-Host, May 21, 2012 IP
  2. 0x3

    0x3 Active Member

    Messages:
    138
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    61
    #2
    They never care about security, only $$$.... When the 0d4y exploit was published in Dec 2011, we reported it to them on 1st Dec, before anyone knew about it, and they ignored us for 3 days and then emailed us that there is no way to have such an exploit on WHMCS. Now they have been hacked twice in 1 year...

    All our data and visa, tickets, passwords are leaked! And who is responsible... who trusted them ONLY! WE.
     
    0x3, May 21, 2012 IP
  3. indiajobvacancy

    indiajobvacancy Banned

    Messages:
    341
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #3
    People who have big businesses are always busy with their business.. That's why a big business can easily go down. Especially for online businesses with services/products like WHMCS.

    WEIRD!
     
    indiajobvacancy, May 21, 2012 IP
  4. MarcL

    MarcL Notable Member

    Messages:
    4,250
    Likes Received:
    77
    Best Answers:
    0
    Trophy Points:
    215
    #4
    In that case I don't think they will last. Capitalism is set up for it. If they keep failing another company will take their job over.
     
    MarcL, May 21, 2012 IP
  5. indiajobvacancy

    indiajobvacancy Banned

    Messages:
    341
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Wait! I got mail

     
    indiajobvacancy, May 22, 2012 IP
  6. copxxx

    copxxx Well-Known Member

    Messages:
    375
    Likes Received:
    6
    Best Answers:
    1
    Trophy Points:
    130
    #6
    What a fcking shame! Matt couldn't afford a few admins ... khm, I mean nobody monitored the servers.

    Poor guy, they only got 60k active licenses ... do the math ^^
     
    copxxx, May 22, 2012 IP
  7. 0x3

    0x3 Active Member

    Messages:
    138
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    61
    #7
    That's right copxxx, if he did, he would have saved himself from any attack in the future... think outside the b0x always!
     
    0x3, May 22, 2012 IP
  8. chtdatweb

    chtdatweb Well-Known Member

    Messages:
    1,475
    Likes Received:
    23
    Best Answers:
    0
    Trophy Points:
    110
    #8
    It was not their fault actually, just search the web. It was down to HOSTGATOR, their hosting provider, who were subject to a social engineering hack, i.e. a person obtaining information for another by deception.

    How the hacker managed to pass the verification questions and was then GIVEN the admin password, who knows. But it does make you wonder: no matter how tight your security can be, it only takes a person in an important position being fooled to create chaos.
     
    chtdatweb, May 24, 2012 IP
  9. rahuldas14

    rahuldas14 Well-Known Member

    Messages:
    677
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    130
    #9
    Well, if you are handling such a business you ought to have security. A social engineering hack is not a foolproof hack. There can be enough security against these kinds of attacks. Now all that needs to be seen is if all the customer data they had was encrypted or not.... especially the credit card details.
    I just hope no one suffers badly.
     
    rahuldas14, May 24, 2012 IP
  10. 0x3

    0x3 Active Member

    Messages:
    138
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    61
    #10
    It is published and I did encrypt my visa within 1 sec.... the other 500 CC cards I can encrypt within 5 mins... but then, who will be responsible for leaking my visa card and yours??
     
    0x3, May 25, 2012 IP
  11. coolrohit222002

    coolrohit222002 Well-Known Member

    Messages:
    504
    Likes Received:
    13
    Best Answers:
    3
    Trophy Points:
    140
    #11
    I already changed my password the moment I read this. Thanks.
     
    coolrohit222002, May 25, 2012 IP
  12. rahuldas14

    rahuldas14 Well-Known Member

    Messages:
    677
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    130
    #12
    Well, as a Technolegal & Infosec guy I can tell you that if legal action is taken WHMCS can end up in huge trouble. But it all depends on the country and analysis of its existing security measures.
    So if you suffer loss of any form you can sue the company.
     
    rahuldas14, May 25, 2012 IP
  13. dir18

    dir18 Active Member

    Messages:
    256
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    65
    #13
    Woowwww!!! Now Matt will spend penny $0.0001 to secure our private details.. :rolleyes: :rolleyes: :rolleyes:


    @DP Users: Please switch to another billing script, otherwise you will lose your business..
     
    dir18, May 25, 2012 IP
  14. stardust.x7

    stardust.x7 Active Member

    Messages:
    369
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    90
    #14
    Appreciate it :rolleyes:
     
    stardust.x7, Jun 8, 2012 IP
  15. dom19

    dom19 Active Member

    Messages:
    344
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    53
    #15
    But does anyone know if WHMCS fixed the bug?
     
    dom19, Jun 12, 2012 IP
  16. chtdatweb

    chtdatweb Well-Known Member

    Messages:
    1,475
    Likes Received:
    23
    Best Answers:
    0
    Trophy Points:
    110
    #16
    Read carefully, there was no bug in the software. It was a Social Engineering Hack.
     
    chtdatweb, Jun 14, 2012 IP
  17. 0x3

    0x3 Active Member

    Messages:
    138
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    61
    #17
    There are 2 0d4y exploits for WHMCS now, 1 patched on 1st May, and the other still 0d4y in underground forums... Keep your eyes on Apache logs ;).
     
    0x3, Jun 18, 2012 IP
  18. chtdatweb

    chtdatweb Well-Known Member

    Messages:
    1,475
    Likes Received:
    23
    Best Answers:
    0
    Trophy Points:
    110
    #18
    Is WHMCS aware of this? And what the hell is a 0d4y exploit?
     
    chtdatweb, Jun 27, 2012 IP
  19. 0x3

    0x3 Active Member

    Messages:
    138
    Likes Received:
    0
    Best Answers:
    1
    Trophy Points:
    61
    #19
    It's an unknown vulnerability in the software, and the vendor doesn't know, and even if Matt knows about it, he won't believe it, as below.
     
    0x3, Jun 28, 2012 IP
  20. Hostwinds_Dan

    Hostwinds_Dan Peon

    Messages:
    149
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #20
    Of course, because there's no such thing as 100% security.
     
    Hostwinds_Dan, Jul 3, 2012 IP