Results 1 to 25 of 1499
  1. #1
    Join Date
    Oct 2004
    Posts
    2,825

    WHMCS hacked [merged]

    http://www.whmcs.com/ redirects to another website... First noticed about 30 mins ago that the database was offline, then the website wiped out completely, and now it redirects.

    Edit: Whatever anyone does, do not do any of the following:
    1) Help > License Information
    2) Help > Check for Updates
    3) Help > Change License Key

    Any of these will lock you out of your system until WHMCS fixes this mess.
    Last edited by Nick H; 05-21-2012 at 11:25 AM.

  2. Thread Summary

    WebHostingTalk.com has pinned this thread to the top of the forum to aid visitors in seeing this important information.

    The main server of WHMCS, which hosts the whmcs.com website along with billing and licensing systems for the software, was compromised on May 21st, 2012. This server was hacked through social engineering means. Official announcements by the company can be read through the WHMCS forums:


    Databases hosted on the server have been made public by the attacking parties. Following is an incomplete list of the private information that has already been leaked.

    • Credit card details of the customers of the whmcs.com website. Customers are urged to cancel their cards if they ever had a card on file with WHMCS.
    • Email addresses, names, postal addresses and phone numbers of all customers.
    • Email logs for the whmcs.com website, which include support ticket details and passwords provided in tickets for some clients.
    • Email logs for the whmcs.com website, which include login passwords for some clients.
    • WHMCS software licensing details, including hosting IPs and directories (it would be a good idea to move your installation to a different hostname and IP).
    • Hashed and salted versions of user passwords, although this does not mean immediate retrieval of the actual passwords. Customers are urged to change their passwords.
    • This was not an exploit of the WHMCS software, so existing WHMCS installations should be safe, pending any new information.


    As a result of the continuing attacks on the server, whmcs.com was rendered inaccessible, and intermittent outages continue due to DDoS attacks. These outages also affect the license verifications of existing WHMCS software installs, rendering some installations inoperable.

    ** WHMCS is updating their blog. We advise you to check there for any updates they have to offer. **

    ** More coverage at the WHIR: Web Hosting Control Panel WHMCS Hit by DDoS and Social Engineering Attack**

    Contributors: Orien, Harzem, VectorVPS, Mark Muyskens, sirius, HostXNow_Chris, SoftWareRevue, incrediblehelp

  3. #2
    Join Date
    May 2009
    Location
    United Kingdom
    Posts
    1,322

    WHMCS.com hacked?

    I was just trying to download WHMCS and was having issues with the download. It appears that the site has been deleted and replaced:

    http://www.whmcs.com/


  4. #3
    Not good...

  5. #4
    Join Date
    Feb 2004
    Posts
    741
    Well that's not good. Hopefully they only had access to the webserver and not any of the backend stuff. Still, that is a bit embarrassing for them.

  6. #5
    Join Date
    Sep 2010
    Location
    Universe
    Posts
    204
    It's also being redirected here... To:
    http://www.ugnazi.com/

  7. #6
    Join Date
    Oct 2011
    Posts
    1,244
    I just hope that data of all the people including us is safe with them.

    http://www.ugnazi.com/not_stubborn.html

    We understand that these websites will inevitably take back their website.
    We don't steal users data, only here to make them aware.
    From SOPA/PIPA, to ACTA to just pissing us off...there is always a reason (Targets).
    From their twitter:

    UGNazi ‏@UG

    http://www.whmcs.com Hacked by #UGNazi @JoshTheGod @ThaCosmo @le4ky Database #leak coming soon.
    Retweeted by Josh Matthews
    Last edited by public_html; 05-21-2012 at 11:28 AM.

  8. #7
    Join Date
    Oct 2004
    Posts
    2,825
    Quote, originally posted by RU-Adam:
        Well that's not good. Hopefully they only had access to the webserver and not any of the backend stuff. Still, that is a bit embarrassing for them.

    The database was down, I can only imagine if any client or credit card data was gotten ahold of.

  9. #8
    Join Date
    Oct 2004
    Posts
    2,825
    PS: Whatever anyone does, do not do any of the following:
    1) Help > License Information
    2) Help > Check for Updates
    3) Help > Change License Key

    Any of these will lock you out of your system until WHMCS fixes this mess.

  10. #9
    Join Date
    Jul 2011
    Location
    /root
    Posts
    862
    Definitely not good...

    Hopefully we'll hear something from a WHMCS staff member soon.

  11. #10
    Join Date
    Jan 2012
    Location
    Cleveland, Ohio
    Posts
    13
    It seems like the hacker group "Ugnazi" hacked it. Luckily I have site advisor to tell me not to go there. I hope everything is alright; their forums don't seem to be down, though.

  12. #11
    Join Date
    Jul 2005
    Location
    In the Internets
    Posts
    3,431
    I told Matt about his security problems months ago, he told me not to worry about them because 'nothing has happened in the several years the box has been up'

    Bet he regrets saying that now.

  13. #12
    Quote, originally posted by nerdie:
        I told Matt about his security problems months ago, he told me not to worry about them because 'nothing has happened in the several years the box has been up'

        Bet he regrets saying that now.

    Please tell us more?

  14. #13
    Join Date
    May 2009
    Location
    United Kingdom
    Posts
    1,322
    This is very worrying indeed, we can only hope that this wasn't due to the software itself.

    I'm going to change all passwords just to be on the safe side.

  15. #14
    Join Date
    Aug 2003
    Location
    127.0.0.1
    Posts
    273

    WHMCS.com hacked

    Not really a "provider" outage, but since WHMCS is used by a huge number, let's hope it's just a badly secured web server by Matt & team and not a new in-the-wild WHMCS hack that allowed this redirect to be put in place.

    http://www.whmcs.com - screen cap https://img.skitch.com/20120521-jr1u...d2bfq4g47g.jpg

    Code:
    curl http://www.whmcs.com
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>301 Moved Permanently</title>
    </head><body>
    <h1>Moved Permanently</h1>
    <p>The document has moved <a href="http://www.ugnazi.com/">here</a>.</p>
    <hr>
    <address>Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0g DAV/2 mod_bwlimited/1.4 mod_perl/2.0.5 Perl/v5.8.8 Server at www.whmcs.com Port 80</address>
    </body></html>

  16. #15
    Join Date
    Jan 2008
    Location
    Montreal, Canada
    Posts
    133
    I hope it's only their webserver... Well is it an issue with the script or the server?

  17. #16
    Join Date
    Jul 2005
    Location
    In the Internets
    Posts
    3,431
    Quote, originally posted by Simplex-Ed:
        Please tell us more?

    I'm not going to talk about his security issues in a public forum, but let's say it was a default box with no lock down on security at all...

    With storing thousands of business credit cards, he should have known better, it wasn't PCI compliant by any means.

    EDIT: This was security issues with his webserver box, not security issues with the WHMCS script itself.

  18. #17
    Join Date
    Apr 2009
    Location
    Tianjin
    Posts
    101
    yes, I see too, whmcs.com hacked

  19. #18
    Quote, originally posted by nerdie:
        I'm not going to talk about his security issues in a public forum, but let's say it was a default box with no lock down on security at all...

        With storing thousands of business credit cards, he should have known better, it wasn't PCI compliant by any means.

        EDIT: This was security issues with his webserver box, not security issues with the WHMCS script itself.

    I know they (or did) use HostGator... but like another poster said, I hope it wasn't exploited via the WHMCS sw.

    http://twitter.com/#!/JoshTheGod/sta...95003379548160

    "Database #leak coming soon."

  20. #19
    Join Date
    Jul 2005
    Location
    In the Internets
    Posts
    3,431
    https://twitter.com/#!/UG/status/204592550265360384

    "http://www.whmcs.com Hacked by #UGNazi @JoshTheGod @ThaCosmo @le4ky Database #leak coming soon."

  21. #20
    Join Date
    Aug 2004
    Location
    Dallas, TX
    Posts
    3,402
    My license is showing as "invalid" wonder if it's because of this.

  22. #21
    Join Date
    Oct 2004
    Posts
    2,825
    https://twitter.com/#!/JoshTheGod/st...95003379548160

    http://Whmcs.com Hacked by #UGNazi @UG @Thacosmo @le4ky Database #leak coming soon.

  23. #22
    Join Date
    Sep 2010
    Location
    Universe
    Posts
    204
    http://twitter.com/#!/JoshTheGod
    UGNazi ‏@UG
    http://www.whmcs.com Hacked by #UGNazi @JoshTheGod @ThaCosmo @le4ky Database #leak coming soon.
    Sorry, already posted.

  24. #23
    Join Date
    Aug 2003
    Location
    Edinburgh/London
    Posts
    4,902
    Quote, originally posted by nerdie:
        https://twitter.com/#!/UG/status/204592550265360384

        "http://www.whmcs.com Hacked by #UGNazi @JoshTheGod @ThaCosmo @le4ky Database #leak coming soon."

    'Database #leak coming soon.' - Not sure what to make of that.

  25. #24
    Quote, originally posted by gordonrp:
        My license is showing as "invalid" wonder if it's because of this.

    It is, their licencing servers are down/wiped/something.

  26. #25
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    5,029
    Quote, originally posted by nerdie:
        I'm not going to talk about his security issues in a public forum, but let's say it was a default box with no lock down on security at all...

        With storing thousands of business credit cards, he should have known better, it wasn't PCI compliant by any means.

        EDIT: This was security issues with his webserver box, not security issues with the WHMCS script itself.

    Nerdie, how do you know this?
