nope not true... it all runs off the mod_sftp system built into proftpd... no need to give out shell access and definitely no need to use jail shell since we are not talking about the openssh sftp sub system.Originally Posted by vincent_g
Member
nope not true... it all runs off the mod_sftp system built into proftpd... no need to give out shell access and definitely no need to use jail shell since we are not talking about the openssh sftp sub system.
Member
For those who were freaking out because their data was just leaked making claims of keys to kindom etc... honestly been doing some digging around on different underground sites and it seams that most of their scanners used google to find the WHMCS installs... didnt matter if you pay unbranded or not... the scanners find it with basic google search:
inurl:submitticket.php
then their scanner loops through result pages checking url to be a match and if it is exploitable
see for yourself: https://www.google.com/#hl=en&sclien...bmitticket.php
Member
day before yesterday my card I had on file with whmcs was used all over GB. bank already reversed it.
I'm not sure if it's related but it seems conicidental. A good idea to cancel any cards you may have had saved with whmcs.
PS: one of the charges was Papa Johns in GB.
Last edited by BarrySDCA; 06-06-12 at 04:12 PM.
Member
sorry your card was used
this was advice given by WHMCS once they started to regain control back, so is not new advice
Reply With Quote