Member
wrongOriginally Posted by rodeoXtreme
Hostgator violated nothing .
Yes, they're a cheap company, but they violated nothing. Someone passed the security tests and they were given the information needed.
UGnazi are guilty only of downloading information and making it available to the world
WHMCS is guilty of not following industry standards here.
Linux Tech Networks, Quality, affordable Linux Systems Administration
Member
Exactly. Well put.
Member
No, this is freetime, this posting herePlease, i organise my time myselfe. See last Post from me. WHMCS get hacked. i have the work with i, because of incompetece of an Server Admin
That's two pairs of shoes
Member
same old same old repetitive. None of this is news......and it adds nothing to help.
Member
I've just had to recompile the leaked database to establish just how affected I am personally - 7 different accounts, phone numbers, addresses, payment transactions - fortunately no credit cards.
However, 12,735 (quick SQL result to find clients with last 4 card numbers in db) individuals with card details stored are not so lucky. One of whom is my friend that I recommended WHMCS too.
Oh boy, not impressed.
WHMCS is not all to blame in this but a better relationship with a new host who observes proper and custom security protocols is a must. Social engineering scams are a reality but they're never fun on the receiving end.
Last edited by eversonj90; 05-22-12 at 04:03 PM. Reason: Oh wait... turns out 7 accounts
Member
You may want to read that article again http://news.softpedia.com/news/UGNaz...s-270914.shtml
UGNazi said that they reported that spammers and hackers were using their software and whmcs chose not to do anything about it, not that they told them about flaws....
I wonder whats next are they gonna hack Micorshaft for providing the operating system that the script kiddies use to create their BS bots
Member
Can I ask.....how old are you please?No, this is freetime, this posting here
That's two pairs of shoes
Age = ?
Member
Fellow fan boy replying...Who pay me this Time, which i have to spend, because of an incompetent Admin of WHMCS?? Do you mean WHMCS Does this??
As i said before. If you get's no money for your Time; your problem. My time is expensive
AND i don't want to spent time for incompetnce of an Lazy admin
Easy Example: If WHMCS don't get hacked i don't nee to spend time for changing PW's, CC, etc.
It takes a matter of minutes to change passwords and call up the bank. Yes i understand there are problems with recurring billing and such with bills. You will just have to contact them and explain what’s happened and even provide links or such to WHMCS. You’re saying your time is expensive. So you’re moaning about the whole process of changing details to PROTECT YOUR CUSTOMERS! Your business sounds great. But I’d put in endless amounts of time to protect my customers. Taking a few minutes to change a password and contact the bank hardly seems like I’ve wasted time. If anything it's just a bit of a pain.
I don’t know about where other people live, but in the UK you phone up the bank for a new card and it's sent out to you within 7 days. Sometimes quicker.
I'm quite shocked to be honest. Considering WHMCS is for web hosting businesses. Some of your replies scare me into thinking you may be in control of someone's website. Yes WHMCS ****ed up. But we all make mistakes. Yes WHMCS ****ed up in the past too. But these things happen. Websites are hacked all the time. It's only when a big known website gets hacked everyone fly’s off the handle about it. Yes our details are public and WHMCS should have had better security practices in place to prevent such occurrences. But it's a bit too late to moan about it now, it's happened.
Just change your passwords and contact the bank. There is nothing else we can really do now. Also bear in mind how the WHMCS team must be feeling? They are going to have to deal with so much **** in the coming days/weeks.
How would you feel if your server got hacked and your customer’s details exposed. Imagine how you would feel if your customers just turned on you and made the situation harder for yourselves. Just give them time to sort things and things will be ok.
(No I’m not being paid by WHMCS I’m just being realistic about this, no need for everyone to go off on one because of this)
IoxHost Limited - Lowcost professional hosting.
http://ioxhost.co.uk
Dedicated - VPS - Reseller - Shared - WHMCS Addons
Member
if i look at your posts - so far today you've spent almost 6 hours posting in this thread. So you have 6 hours to sit and whine but can't take the time to do what need to be done?No, this is freetime, this posting here
That's two pairs of shoes
Last edited by wwesn; 05-22-12 at 04:05 PM.
Your #1 Source For WHMCS Integrations! - WHMCSintegration.Ca
Matching Your WHMCS to Your Site Design. 10+ Years Providing Script Integrations!
Member
You're delusional if you think you and your business are in partnership with WHMCS. It doesn't work like that unfortunately. Hate to break it to you.
Hey i don't completely disagree with some of your comments but i find how you're down playing quite a serious breach of trust and security from basic security 101 is a bit troubling.
Member
Oh don't you fret about it, or worry. The thing is, at this side, I'm not fretting, it's all in hand. It could be for you too
Let the WHMCS team sort it. Then if shouting needs to be done...... Right now, don't sweat it. Chillax.
Member
I won't deny these things happen. Anyone who does has no clue how reality works.
However, when these things happen, companies grow past it. They move on, the learn from their mistakes.
Have WHMCS? No
This isn't the first time this happened. Letting them off easy the first time, that's a given, expecting that they'd move on and learn.
Here we are, 3 years later, and we're going through the same thing. server hacked, information vulnerable. Oh yeah, most definitely, just give them another pass, because they deserve it right??? NOT!
They've abused their 'free pass'.
Linux Tech Networks, Quality, affordable Linux Systems Administration
Member
You have no need to share my opinion and i have no need to shre your's
So one Deal;
i don't comment sensless post from you and you don't comment posts from me
Member
Ok, I get it that there are simpler and then more complicated procedures for cancelling a credit card. But that is your card out there with all the info with it to complete online transactions.
My company has clear guidelines of what to do when this happens:
1) protect customers
2) protect ourselves
3) audit
I assume WHMCS being proactive and sending the CC info to Visa/Mastercard would protect their customers. Their e-mail says "your card details may also be at risk". Well, card details are out in the wild, not just maybe at risk.
Anyway, why/how this happened is beyond the scope of this thread, unless a sysadmin from WHMCS posts an audit report and describes the enhanced security features implemented to prevent this from happening again.
I'm not blaming UGNazi. If it weren't for them, WHMCS would not know they have a problem with security. We all learn from mistakes, it is the magnitude of each mistake that defines our future.
Member
Then move on. PLEASE. You've made your feelings clear. Who are you going with for your billing choice?
Reply With Quote