Web Hosting Talk : Web Hosting Main Forums : Web Hosting : Whmcs +Livezilla Cause whmcs hack

[gigageta]

Hi, I have had a bit of a issue hope someone can help me understand this and see if its true.
_

i was in online mode in livezilla desktop version and a client came onto my website he was it for about 10 minutes looking around, i opened the window in livezila to see what page he is looking at, then he went of the radar, so i thought he has left, about 1 hour later i added a new a admin and seen that there was another admin account which i never made.
when i looked back at the admin log in whmcs i seen that it was that ip that had logged on and made a user for himself/herself,

it got me thinking how could they have done it,
im protected by ssl, no 777 directorys but yet still made it through ,

then it clicked with me , when i opened the window in livezila to see what page he was on, maybe the active cookie on my pc(i was logged onto whmcs) was detected in his windows as i was looking at it through livezilla, transfared the active cookie and and opened admin panel,?
there was no loggin faled attempts

how could he have done it?
Please help

[iHubNet-Matt]

This is sort of strange, I would also like to know how this might have happened.

[gigageta]

so would i , i thought it was secure.

i just logged into whmcs, had it open doing nothing,

i was in online mode in livezlla, opened a ip address that someone was visiting on abd clicked the window to see what page they were on,
they were in the client area , so whmcs must have detected through livezilla the cookie on my pc, then saved the cookie on his pc, and he was able to log in,

[Matt R]

Quote:

Originally Posted by gigageta

so whmcs must have detected through livezilla the cookie on my pc, then saved the cookie on his pc, and he was able to log in,

That's beyond unlikely.

The more likely scenario is that you didn't run the important update that was released by LiveZilla a few days back that fixed a yet to be released security hole.

More likely than not, you'll also find that the security hole grants access to the file system and you're running WHM/Livezilla out of the same homefolder.

A chmod of 777 wouldn't matter if the two sections of your site were in the same home folder -- a chmod of 755 to the same user would be more than enough.

[gigageta]

livezilla has the latest update, and using the latest whmcs,

the whmcs is on a subdomain
livezilla isnt

[MikeDVB]

Quote:

Originally Posted by gigageta

the whmcs is on a subdomain
livezilla isnt

Subdomain or not - were they in the same actual account on the server?

[gigageta]

no, whmcs was in seperate account to livezilla

[jwebhost]

Maybe you have an easy to guess LiveZilla password or not have one?? Just change all passwords on all hosting accounts. See if that changes anything.

[Matt R]

Quote:

Originally Posted by gigageta

no, whmcs was in seperate account to livezilla

That suggests a problem with the security of your server.

One subdomain can't grab cookies from another (easily).

[Dennis H]

Yes, this is fully possible but very hard perform.
There are lots of 0-day exploits the developers don't know about, it's impossible to create a hacker safe software.

[HostNeighbor]

That is odd indeed but anything is possible.

Ever notice how the only real issues in the tech world are software based?

People don't take the time to look through their code. They just pump out the software as fast as possible to make a buck asap.

[gigageta]

checked all server details, it has all latest kernels latest security updates, its not the server, everything is password protected whmcs and livezilla passwords contain letters numbers and symbols. its a strong password, livezilla server is ran on a wildcard ssl and accounts is ran on a standard ssl cert?

Any other help?