Any of you that use WHMCS as your billing system, I suggest you make a backup as soon as possible, and maybe even go with another billing system. I just installed my WHMCS last week and it was hacked already! Thats all the hacker got into, the server is fine, but all my billing info is gone!
Again, if you use WHMCS, make a backup NOW. If you are thinking about getting WHMCS, DONT!
I'm extremely concerned by the apparent levity with which you post this in a public forum. Have you discussed this with WHMCS prior to this public disclosure? Are you sure it didn't result from poor server security, that they managed to get to your database that way?
No, my card info was not stored in there, and neither was any of my clients, so their all safe. I just received a reply from them about this, heres what they said:
"I would be interested to see what proof you have that it was WHMCS that got hacked. What makes you think its a vulnerability in WHMCS and not some other script you have on the server. Something like this has never happened before as a result of using WHMCS."
I think it's pretty obvious that WHMCS was what got hacked since when you go to [ eqwebhost.com/billing ] [MOD: visit at your own risk] you get the hacked screen. Doesnt take a rocket scientist to figure that out!
And it cant be any other script I have on that server because I dont have any others installed, WHMCS is all I use! My help desk is fine, every other site I have on that server is fine, but my billing system is gone!
Just trying to warn all of you to make a backup of your billing system quickly before the hackers get yours too! As for the security of the server, everything else is fine, all that was harmed was the billing system.
Have you provided them with any more details of the hacking? Server logs and the likes can be very helpful especially with amateur hackers who don't know how to cover their tracks.
Just because none of the other folders of your website were affected, that doesn't mean that it was directly caused by WHMCS. It could have been a server-wide attack that was particularly focused on your billing system, presumably to get credit card details, etc...
I have never heard of anything like this before. Do you run any other scripts that may have let the "hacker" in to your system? Do you have easy to guess passwords? Where your file permissions set correctly?