-
08-31-2010, 07:49 AM #1 Temporarily Suspended
- Join Date
- Aug 2010
- Posts
- 7
WHMCS + LiveZilla cause WHMCS hack
Hi, I have had a bit of an issue; I hope someone can help me understand this and see if it's true.
I was in online mode in the LiveZilla desktop version and a client came onto my website. He was on it for about 10 minutes looking around. I opened the window in LiveZilla to see what page he was looking at, then he went off the radar, so I thought he had left. About 1 hour later I added a new admin and saw that there was another admin account which I never made.
When I looked back at the admin log in WHMCS I saw that it was that IP that had logged on and made a user for himself/herself.
It got me thinking: how could they have done it?
I'm protected by SSL, no 777 directories, but they still made it through.
Then it clicked with me: when I opened the window in LiveZilla to see what page he was on, maybe the active cookie on my PC (I was logged onto WHMCS) was detected in his window as I was looking at it through LiveZilla, transferred the active cookie and opened the admin panel?
There were no failed login attempts.
How could he have done it?
Please help
-
08-31-2010, 07:56 AM #2 Web Hosting Master
- Join Date
- Aug 2007
- Posts
- 6,884
This is sort of strange, I would also like to know how this might have happened.
-
08-31-2010, 07:59 AM #3 Temporarily Suspended
- Join Date
- Aug 2010
- Posts
- 7
So would I; I thought it was secure.
I just logged into WHMCS and had it open, doing nothing.
I was in online mode in LiveZilla, opened an IP address that someone was visiting on and clicked the window to see what page they were on.
They were in the client area, so WHMCS must have detected through LiveZilla the cookie on my PC, then saved the cookie on his PC, and he was able to log in.
-
08-31-2010, 08:09 AM #4 Web Hosting Master
- Join Date
- Mar 2005
- Location
- Orlando, Florida
- Posts
- 2,625
That's beyond unlikely.
The more likely scenario is that you didn't run the important update that was released by LiveZilla a few days back that fixed a yet to be released security hole.
More likely than not, you'll also find that the security hole grants access to the file system and you're running WHM/Livezilla out of the same homefolder.
A chmod of 777 wouldn't matter if the two sections of your site were in the same home folder -- a chmod of 755 to the same user would be more than enough.
█ Matthew Rosenblatt, and I do lots of things.
█ Used to be a full time server administrator, now I help build cruise ships and inspect homes.
█ My company, Ferrell Solutions, specializes in home inspections and property management.
█ RecallScan is a service for monitoring appliances and vehicles in your home for recalls.
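The shared-home-folder point in the post above can be checked directly. This is an added example, not part of the original thread: it lists which paths under one application a process running as the owner of another application could modify, judging by owner and mode bits only. The directory names are hypothetical and the layout in `demo()` is constructed.

```python
import os
import stat
import tempfile


def owner_can_write(st, uid):
    """True if a process running as `uid` may write, judging by mode bits only."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    return bool(st.st_mode & stat.S_IWOTH)  # group membership is ignored here


def cross_app_exposure(app_a, app_b):
    """Report which paths under app_b a process owned by app_a's user can modify."""
    uid_a = os.stat(app_a).st_uid
    exposed = []
    for root, dirs, files in os.walk(app_b):
        for name in dirs + files:
            path = os.path.join(root, name)
            if owner_can_write(os.lstat(path), uid_a):
                exposed.append(os.path.relpath(path, app_b))
    return {
        "same_owner": uid_a == os.stat(app_b).st_uid,
        "writable_from_a": sorted(exposed),
    }


def demo():
    """Constructed layout: two apps under one account, nothing set to 777."""
    with tempfile.TemporaryDirectory() as home:
        chat = os.path.join(home, "public_html", "livezilla")
        billing = os.path.join(home, "public_html", "billing")
        os.makedirs(chat)
        os.makedirs(os.path.join(billing, "admin"))
        os.chmod(billing, 0o755)
        os.chmod(os.path.join(billing, "admin"), 0o755)
        cfg = os.path.join(billing, "configuration.php")
        with open(cfg, "w") as fh:
            fh.write("<?php // placeholder\n")
        os.chmod(cfg, 0o644)
        return cross_app_exposure(chat, billing)


if __name__ == "__main__":
    print(demo())
```

With both applications under one account, every 755 directory and 644 file is reported as writable from the other application; the world-writable bit only matters once the two are owned by different users.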
-
08-31-2010, 08:16 AM #5 Temporarily Suspended
- Join Date
- Aug 2010
- Posts
- 7
LiveZilla has the latest update, and I'm using the latest WHMCS.
The WHMCS is on a subdomain;
LiveZilla isn't.
-
08-31-2010, 10:51 AM #6 Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
08-31-2010, 04:52 PM #7 Temporarily Suspended
- Join Date
- Aug 2010
- Posts
- 7
No, WHMCS was in a separate account to LiveZilla.
-
08-31-2010, 05:24 PM #8 Web Hosting Master
- Join Date
- Mar 2005
- Location
- Orlando, Florida
- Posts
- 2,625
█ Matthew Rosenblatt, and I do lots of things.
█ Used to be a full time server administrator, now I help build cruise ships and inspect homes.
█ My company, Ferrell Solutions, specializes in home inspections and property management.
█ RecallScan is a service for monitoring appliances and vehicles in your home for recalls.
-
08-31-2010, 05:01 PM #9 Web Hosting Master
- Join Date
- Jun 2009
- Location
- UK: Oxford
- Posts
- 1,259
Maybe you have an easy-to-guess LiveZilla password or don't have one? Just change all passwords on all hosting accounts. See if that changes anything.
█ Garbott Ltd - Exceptional web development, hosting & consultancy services
-
08-31-2010, 05:30 PM #10 WHT Addict
- Join Date
- Dec 2009
- Posts
- 165
Yes, this is fully possible but very hard to perform.
There are lots of 0-day exploits the developers don't know about; it's impossible to create hacker-safe software.
-
08-31-2010, 05:56 PM #11 Newbie
- Join Date
- Aug 2010
- Location
- Houston, TX
- Posts
- 28
That is odd indeed but anything is possible.
Ever notice how the only real issues in the tech world are software based?
People don't take the time to look through their code. They just pump out the software as fast as possible to make a buck asap.
██ Host Neighbor.com
██ http://www.hostneighbor.com
██ 24/7 Personal Support | Unlimited Hosting | Reseller Hosting | Dedicated Servers
██ Web Design | Website Maintenance | WHMCS | Softaculous | cPanel | RVSitebuilder
-
09-01-2010, 10:52 AM #12 Temporarily Suspended
- Join Date
- Aug 2010
- Posts
- 7
Checked all server details: it has all the latest kernels and latest security updates; it's not the server. Everything is password protected; the WHMCS and LiveZilla passwords contain letters, numbers and symbols. It's a strong password. The LiveZilla server is run on a wildcard SSL and accounts is run on a standard SSL cert?
Any other help?