Web Hosting Talk







Public Press Release


AlaskanWolf
11-24-2001, 06:33 AM
Understandably, we are posting this on WHT because we have been a long-time member of WHT and feel that all WHT members should hear it from Web Hosting Network.

As you may have already heard and discussed regarding HostRocket's unauthorized access to their billing information, Web Hosting Network has also been affected by this exploit.

So without re-divulging what HostRocket already discussed, I will try my best to give you some background behind the exploit.

About 2 weeks ago a host that was utilizing the program WHNBilling was hacked by an unknown person and this person gained full root access to all his servers, from what I understand by a password sniffer that was installed onto his system.

This host, not knowing what to do, allowed this person full root access to his server for as long as 2 weeks. Scared, he tried to meet the hacker's demands, instead of contacting the authorities and Web Hosting Network. This host finally contacted us regarding the situation and we helped the host regain control of his servers by doing a total wipe of his hard drive and reinstalling his OS programs.

Unknown to Web Hosting Network, this hacker was able to gain full access to an early version of WHNBilling which showed the full source code, and he was able to find an unknown exploit. At this time, we do not know if it was an actual exploit of WHNBilling or of PHP itself. Nonetheless, without pointing fingers, this person was then able to access our billing backend just as if he had full billing privileges.

Many hosts running WHNBilling had later versions of WHNBilling which were encoded with Zend and also had a .htaccess file under the appropriate folders. We have already contacted all hosts actively running the software and patched their systems.

We would like to ask all members of WHT and SitePointForums for your understanding and offer our sincere apologies regarding this difficult situation for all involved.
Just for further clarification, so no one points fingers, the host that was hacked was neither HostRocket nor Web Hosting Network.

If you have any questions regarding this, please contact me at garyp@www-hosting.net or open a trouble ticket in our helpdesk at http://helpdesk.whnsupport.com

edude
11-24-2001, 07:01 AM
Dear Gary,

It's great to see companies like (www-hosting.net) posting the full details on WHT. I hope you can fully resolve this issue.

Good luck with WHNbilling!

Nicholas Brown
11-25-2001, 05:40 PM
Disclaimer - I have never used this software and have not been affected by this, but I know numerous ppl who have bought this software.

Well, it's good to see you've publicly apologised, but I myself as a programmer think it's pretty sad this had to happen in the first place.

You're selling software that handles billing - to me that would ring alarm bells of MAXIMUM SECURITY and not storing the details for the MySQL database WHN Billing uses in a plain text file.

Anyways - good luck in the future! :)

pgrote
11-25-2001, 07:15 PM
Wow. Disclosure like this is sometimes painful, but is the absolutely right thing to do.

Customers will respect you more for your decision to detail what has happened and the steps you are taking.

Good job.

AlaskanWolf
11-25-2001, 07:25 PM
I do not know the details of how Simon had created the backend, and as I told you, we do not know if this bug is a bug created by WHNBilling or it's a PHP bug and for security reasons, we will not divulge how it was done.

I do know however that the credit card information is heavily using RC4 encryption and other security measures before it's put into the MySQL database.

Nicholas Brown
11-25-2001, 08:46 PM
Originally posted by AlaskanWolf
I do not know the details of how Simon had created the backend, and as I told you, we do not know if this bug is a bug created by WHNBilling or it's a PHP bug and for security reasons, we will not divulge how it was done.

I do know however that the credit card information is heavily using RC4 encryption and other security measures before it's put into the MySQL database.

Fair enough - but on the point of RC4 - using RC4 encryption makes no difference though if the key is kept in plain text. ;)

AlaskanWolf
11-25-2001, 09:11 PM
Hi Nick,

My intentions in posting the Public Notice have nothing to do with the specifics of how we created WHNBilling or the type of security we have used.

The post was created to let everyone know a little background of what happened and that we in fact fixed the problem before this person was able to infiltrate other hosts.

With that said, we feel this matter is closed and will not be responding to this thread in the future. Thank you again for your cooperation in this matter.

purplemokey
11-26-2001, 03:29 AM
I would like to know more detail on how you secure your software. Yes, your software was compromised, but what security precautions do you have in place already besides the RC4 encryption?

mdrussell
11-26-2001, 04:10 AM
Originally posted by purplemokey
I would like to know more detail on how you secure your software. Yes, your software was compromised, but what security precautions do you have in place already besides the RC4 encryption?

I do not know the details of how Simon had created the backend, and as I told you, we do not know if this bug is a bug created by WHNBilling or it's a PHP bug and for security reasons, we will not divulge how it was done.