  1. #51
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    18,884
    Quote Originally Posted by hostedas View Post
    Yeah, surprised - and disappointed : https://whmcs.whmcs.com:2087/

    Code:
    21/tcp  open     ftp
    25/tcp  open     smtp
    26/tcp  open     unknown
    53/tcp  open     domain
    80/tcp  open     http
    110/tcp open     pop3
    143/tcp open     imap
    443/tcp open     https
    465/tcp open     smtps
    587/tcp open     submission
    993/tcp open     imaps
    995/tcp open     pop3s
    ... etc
    Wow... That's just disappointing.

  2. #52
    Join Date
    May 2009
    Location
    United Kingdom
    Posts
    1,317
    I'm really surprised that everything was hosted on a cPanel server. I would have thought they'd have no control panel and almost everything disabled.

  3. #53
    Join Date
    Oct 2010
    Location
    Singapore
    Posts
    143
    Quote Originally Posted by Steven View Post
    Did he really have all those ports open?
    Yes, they have!

  4. #54
    Join Date
    Jan 2008
    Location
    Montreal, Canada
    Posts
    133
    Quote Originally Posted by zomex View Post
    I'm really surprised that everything was hosted on a cPanel server. I would have thought they'd have no control panel and almost everything disabled.
    First thing to disable is FTP... restrict ports and services. It's sad what is happening to whmcs right now.

  5. #55
    Join Date
    Mar 2005
    Location
    New York City
    Posts
    2,554
    Quote Originally Posted by KMyers View Post
    Wow... That's just disappointing.
    For a company that specializes in the hosting industry and deals with security, you would think they would do the most basic of security implementations at minimum.

    I'm really hoping no WHMCS source code was stored on that server. If these guys find exploits, this definitely won't end well. As annoying as it is to have to cancel cards and stuff, it would be nowhere near as annoying as people getting into WHMCS installations due to newly discovered flaws.

  6. #56
    Hi Guys,

    As you've seen we have unfortunately become the victim of a hack just a little over an hour ago.

    So far early indications are that they were able to compromise my email, and subsequently impersonate myself with HostGator staff. In response to those saying it's an unsecured box, we use a fully managed service from HostGator for our website, in connection with McAfee Secure.

    We'll post more updates as soon as we have them.

    Matt

  7. #57
    Join Date
    Aug 2003
    Location
    127.0.0.1
    Posts
    273
    Quote Originally Posted by FrankLaszlo View Post
    Yes. I've talked with him a bit and he's working on it.
    Thanks for this - feels better knowing he's on it

    Now just hoping there isn't a broader issue with whmcs or the code/data that was copied from the server that can impact everyone..

  8. #58

    Video

    Google found me this, which was posted just a few hours ago.

    darksite.in/2012/05/free-download-symlink-whmcs-hacking.html

    The cause of this whole issue?

  9. #59
    Join Date
    May 2005
    Location
    Kansas City, MO USA
    Posts
    20
    they got owned.....

  10. #60
    Join Date
    Aug 2003
    Location
    127.0.0.1
    Posts
    273
    Quote Originally Posted by WHMCS-Matt View Post
    Hi Guys,

    As you've seen we have unfortunately become the victim of a hack just a little over an hour ago.

    So far early indications are that they were able to compromise my email, and subsequently impersonate myself with HostGator staff. In response to those saying it's an unsecured box, we use a fully managed service from HostGator for our website, in connection with McAfee Secure.

    We'll post more updates as soon as we have them.

    Matt
    Matt, thanks for jumping in here and providing an update - appreciated. With the site/twitter etc offline I'm sure most of the customer base will be looking to this thread/your posts for updates. We're all anxious about what the exposure here may be.

  11. #61
    Join Date
    Aug 2008
    Posts
    534
    Quote Originally Posted by dhew View Post
    Google found me this, which was posted just a few hours ago.

    darksite.in/2012/05/free-download-symlink-whmcs-hacking.html

    The cause of this whole issue?
    This issue was already fixed a while back, it shouldn't be the cause.

  12. #62
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    18,884
    @Matt - Can you release exactly what the attackers may have had access to once you are done with the cleanup? Did they get to the source code, customer database or more?

  13. #63
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    18,884
    Quote Originally Posted by yourwebhostereu View Post
    This issue was already fixed a while back, it shouldn't be the cause.
    Matt has confirmed that this was due to social engineering of HostGator's support team (by using Matt's email address)

  14. #64
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,259
    Quote Originally Posted by WHMCS-Matt View Post
    Hi Guys,

    As you've seen we have unfortunately become the victim of a hack just a little over an hour ago.

    So far early indications are that they were able to compromise my email, and subsequently impersonate myself with HostGator staff. In response to those saying it's an unsecured box, we use a fully managed service from HostGator for our website, in connection with McAfee Secure.

    We'll post more updates as soon as we have them.

    Matt
    I know it's probably unrelated at this point; however, despite having 'managed' dedicated at HostGator, they sure don't have you very secure considering the importance of your site. Tell them to lock down those administration ports!

  15. #65
    Join Date
    Aug 2008
    Posts
    534
    Quote Originally Posted by KMyers View Post
    Matt has confirmed that this was due to social engineering of HostGator's support team (by using Matt's email address)
    I'm aware of that, I'm just replying to dhew.

  16. #66
    Join Date
    Jul 2005
    Location
    In the Internets
    Posts
    3,408
    In other unrelated news... the music on the hacked page is really catchy...

  17. #67
    Join Date
    Jun 2007
    Location
    London, United Kingdom
    Posts
    858
    This was just tweeted by the hackers:
    Full #database of whmcs.com will be #leaked soon. - Cosmo #UGNazi @UG @JoshTheGod @ThaCosmo @le4ky

  18. #68
    Join Date
    Dec 2007
    Location
    Indianapolis, Indiana USA
    Posts
    15,336
    Aha, social engineering. Doesn't matter how secure a system is if you can convince somebody to give you the root password. Hopefully there are backups.

  19. #69
    Join Date
    Aug 2003
    Location
    127.0.0.1
    Posts
    273
    Quote Originally Posted by MikeDVB View Post
    Aha, social engineering. Doesn't matter how secure a system is if you can convince somebody to give you the root password. Hopefully there are backups.
    Hopefully sensitive data is encrypted in the db that's about to be leaked.. I'd guess there are tons of now vulnerable boxes out there where people have provided the WHMCS team their logins/passwords/etc in the process of normal troubleshooting.

  20. #70
    Join Date
    Dec 2007
    Location
    Indianapolis, Indiana USA
    Posts
    15,336
    Quote Originally Posted by hostedas View Post
    Hopefully sensitive data is encrypted in the db that's about to be leaked.. I'd guess there are tons of now vulnerable boxes out there where people have provided the WHMCS team their logins/passwords/etc in the process of normal troubleshooting.
    A solid policy that would help this is to use temporary passwords for external support as well as rotating passwords regularly and not sharing passwords among services/logins.

    These are all basic security rules that would help protect people from incidents such as this. While it's not the be-all and end-all to security and won't necessarily save you - it certainly won't hurt.

  21. #71
    Join Date
    Jan 2006
    Location
    Alabama
    Posts
    1,230
    /subscribed.

    This is bad news indeed.

  22. #72
    Join Date
    Dec 2009
    Location
    United Kingdom
    Posts
    203
    This is rather worrying.

  23. #73
    Join Date
    Jul 2005
    Location
    In the Internets
    Posts
    3,408
    Quote Originally Posted by MikeDVB View Post
    Aha, social engineering. Doesn't matter how secure a system is if you can convince somebody to give you the root password. Hopefully there are backups.
    True to a certain point...

    Let's say they reset the root password...

    - Getting the root password isn't going to work very well if you don't allow direct SSH logins as root
    - Getting the root password doesn't work very well if the ports are firewalled off and they can't reach WHM/SSH
    - Getting the root password doesn't work very well if you have 2 factor authentication with a token based system (or something similar)
    - Getting the root password doesn't explain how their twitter login got hacked unless they are sharing passwords across platforms.

    Matt was quick to blame HostGator and perhaps HG is to be blamed here, but that doesn't excuse the fact that Matt has piss poor security on a very important box... Leaving your security up to HostGator and McAfee shows that he doesn't take it seriously.

    Hopefully for his sake he understands how important security is and readjusts his priorities now.
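
The first two checks in the list above (no direct root SSH login, WHM/SSH ports firewalled off), as an added example that is not part of any post in this thread: it reads an nmap-style port table and an `sshd_config` and reports what is still exposed. The restricted-port policy, the function names and the sample input are assumptions constructed for illustration.

```python
import re

# Ports the posters want closed or firewalled to trusted addresses. The numbers
# are the standard FTP/SSH/cPanel/WHM ports; the policy is this example's assumption.
RESTRICTED = {21: "FTP", 22: "SSH", 2082: "cPanel", 2083: "cPanel TLS",
              2086: "WHM", 2087: "WHM TLS"}
PORT_LINE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(\S+)")

def exposed_admin_ports(scan_text):
    """Return sorted (port, label) pairs for restricted ports reported open."""
    hits = []
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(2) == "open" and int(m.group(1)) in RESTRICTED:
            hits.append((int(m.group(1)), RESTRICTED[int(m.group(1))]))
    return sorted(hits)

def root_login_setting(sshd_config_text):
    """Return the global PermitRootLogin value, or None when it is not set."""
    for raw in sshd_config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0].lower() == "match":
            break  # everything after a Match line is conditional, not global
        if parts[0].lower() == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()  # sshd keeps the first value it reads
    return None

def audit(scan_text, sshd_config_text):
    """Return human-readable findings for both checks."""
    findings = [f"port {p} ({name}) is reachable from the scanning host"
                for p, name in exposed_admin_ports(scan_text)]
    value = root_login_setting(sshd_config_text)
    if value != "no":
        findings.append(f"PermitRootLogin is {value or 'unset'}, expected no")
    return findings

# Constructed sample input, not taken from the compromised server.
SAMPLE_SCAN = """21/tcp   open     ftp
22/tcp   filtered ssh
80/tcp   open     http
443/tcp  open     https
2087/tcp open     unknown"""
SAMPLE_SSHD = """Port 22
#PermitRootLogin no
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin no"""
```

Calling `audit(SAMPLE_SCAN, SAMPLE_SSHD)` returns three findings: ports 21 and 2087 are open, and root login is still permitted globally even though a `Match` block restricts it for one address range.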

  24. #74
    Quote Originally Posted by nerdie View Post
    True to a certain point...

    Let's say they reset the root password...

    - Getting the root password isn't going to work very well if you don't allow direct SSH logins as root
    - Getting the root password doesn't work very well if the ports are firewalled off and they can't reach WHM/SSH
    - Getting the root password doesn't work very well if you have 2 factor authentication with a token based system (or something similar)
    - Getting the root password doesn't explain how their twitter login got hacked unless they are sharing passwords across platforms.

    Matt was quick to blame HostGator and perhaps HG is to be blamed here, but that doesn't excuse the fact that Matt has piss poor security on a very important box... Leaving your security up to HostGator and McAfee shows that he doesn't take it seriously.

    Hopefully for his sake he understands how important security is and readjusts his priorities now.
    Matt said his email was compromised and thus the hacker could social engineer HostGator... it also explains how the Twitter was accessed.

  25. #75
    Join Date
    Aug 2003
    Location
    127.0.0.1
    Posts
    273
    Quote Originally Posted by nerdie View Post
    True to a certain point...

    Let's say they reset the root password...

    - Getting the root password isn't going to work very well if you don't allow direct SSH logins as root
    - Getting the root password doesn't work very well if the ports are firewalled off and they can't reach WHM/SSH
    - Getting the root password doesn't work very well if you have 2 factor authentication with a token based system (or something similar)
    - Getting the root password doesn't explain how their twitter login got hacked unless they are sharing passwords across platforms.

    Matt was quick to blame HostGator and perhaps HG is to be blamed here, but that doesn't excuse the fact that Matt has piss poor security on a very important box... Leaving your security up to HostGator and McAfee shows that he doesn't take it seriously.

    Hopefully for his sake he understands how important security is and readjusts his priorities now.
    Not to forget decentralizing services, like the DB, licensing API (appears to be locking people out if they are unfortunate enough to pull their license), support/ticket system, etc.
