Results 1 to 12 of 12
  1. #1
    Join Date
    Aug 2010
    Posts
    7

    Exclamation Whmcs +Livezilla Cause whmcs hack

    Hi, I have had a bit of a issue hope someone can help me understand this and see if its true.
    _

    i was in online mode in livezilla desktop version and a client came onto my website he was it for about 10 minutes looking around, i opened the window in livezila to see what page he is looking at, then he went of the radar, so i thought he has left, about 1 hour later i added a new a admin and seen that there was another admin account which i never made.
    when i looked back at the admin log in whmcs i seen that it was that ip that had logged on and made a user for himself/herself,

    it got me thinking how could they have done it,
    im protected by ssl, no 777 directorys but yet still made it through ,

    then it clicked with me , when i opened the window in livezila to see what page he was on, maybe the active cookie on my pc(i was logged onto whmcs) was detected in his windows as i was looking at it through livezilla, transfared the active cookie and and opened admin panel,?
    there was no loggin faled attempts

    how could he have done it?
    Please help

  2. #2
    Join Date
    Aug 2007
    Posts
    6,884
    This is sort of strange, I would also like to know how this might have happened.

  3. #3
    Join Date
    Aug 2010
    Posts
    7
    so would i , i thought it was secure.

    i just logged into whmcs, had it open doing nothing,

    i was in online mode in livezlla, opened a ip address that someone was visiting on abd clicked the window to see what page they were on,
    they were in the client area , so whmcs must have detected through livezilla the cookie on my pc, then saved the cookie on his pc, and he was able to log in,

  4. #4
    Join Date
    Mar 2005
    Location
    Orlando, Florida
    Posts
    2,625
    Quote Originally Posted by gigageta View Post
    so whmcs must have detected through livezilla the cookie on my pc, then saved the cookie on his pc, and he was able to log in,
    That's beyond unlikely.

    The more likely scenario is that you didn't run the important update that was released by LiveZilla a few days back that fixed a yet to be released security hole.

    More likely than not, you'll also find that the security hole grants access to the file system and you're running WHM/Livezilla out of the same homefolder.

    A chmod of 777 wouldn't matter if the two sections of your site were in the same home folder -- a chmod of 755 to the same user would be more than enough.
    Matthew Rosenblatt, and I do lots of things.
    Used to be a full time server administrator, now I help build cruise ships and inspect homes.
    My company, Ferrell Solutions, specializes in home inspections and property management.
    RecallScan is a service for monitoring appliances and vehicles in your home for recalls.

  5. #5
    Join Date
    Aug 2010
    Posts
    7
    livezilla has the latest update, and using the latest whmcs,

    the whmcs is on a subdomain
    livezilla isnt

  6. #6
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,196
    Quote Originally Posted by gigageta View Post
    the whmcs is on a subdomain
    livezilla isnt
    Subdomain or not - were they in the same actual account on the server?
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  7. #7
    Join Date
    Aug 2010
    Posts
    7
    no, whmcs was in seperate account to livezilla

  8. #8
    Join Date
    Jun 2009
    Location
    UK: Oxford
    Posts
    1,259
    Maybe you have an easy to guess LiveZilla password or not have one?? Just change all passwords on all hosting accounts. See if that changes anything.
    Garbott Ltd - Exceptional web development, hosting & consultancy services

  9. #9
    Join Date
    Mar 2005
    Location
    Orlando, Florida
    Posts
    2,625
    Quote Originally Posted by gigageta View Post
    no, whmcs was in seperate account to livezilla
    That suggests a problem with the security of your server.

    One subdomain can't grab cookies from another (easily).
    Matthew Rosenblatt, and I do lots of things.
    Used to be a full time server administrator, now I help build cruise ships and inspect homes.
    My company, Ferrell Solutions, specializes in home inspections and property management.
    RecallScan is a service for monitoring appliances and vehicles in your home for recalls.

  10. #10
    Yes, this is fully possible but very hard perform.
    There are lots of 0-day exploits the developers don't know about, it's impossible to create a hacker safe software.

  11. #11
    Join Date
    Aug 2010
    Location
    Houston, TX
    Posts
    28
    That is odd indeed but anything is possible.

    Ever notice how the only real issues in the tech world are software based?

    People don't take the time to look through their code. They just pump out the software as fast as possible to make a buck asap.
    ██ Host Neighbor.com
    ██ http://www.hostneighbor.com
    ██ 24/7 Personal Support | Unlimited Hosting | Reseller Hosting | Dedicated Servers
    ██ Web Design | Website Maintenance | WHMCS | Softaculous | cPanel | RVSitebuilder

  12. #12
    Join Date
    Aug 2010
    Posts
    7
    checked all server details, it has all latest kernels latest security updates, its not the server, everything is password protected whmcs and livezilla passwords contain letters numbers and symbols. its a strong password, livezilla server is ran on a wildcard ssl and accounts is ran on a standard ssl cert?

    Any other help?

Similar Threads

  1. Add LiveZilla icon to WHMCS
    By Extinct Host in forum Hosting Software and Control Panels
    Replies: 3
    Last Post: 07-08-2010, 02:08 AM
  2. Replies: 4
    Last Post: 05-24-2010, 12:30 AM
  3. WHMCS, TCAdmin, LiveZilla Integration
    By neXeon in forum Design Requests
    Replies: 4
    Last Post: 03-20-2010, 07:03 PM
  4. integration whmcs/solusvm/visionheldesk/livezilla
    By stormfr in forum Design Requests
    Replies: 7
    Last Post: 03-17-2010, 08:40 AM
  5. WHMCS and Livezilla Integration
    By AlanB- in forum Design Requests
    Replies: 2
    Last Post: 03-16-2010, 10:24 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •