Community Forums

Discuss, share and get help from our community of friendly WHMCS users

Results 241 to 255 of 529
  1. #241
    Join Date
    Feb 2010
    Location
    United Kingdom
    Posts
    608

    Default

    I just want to make something here clear.

    Everything you give to WHMCS because you're a business should be publicly available anyway.

    Your account email should not be, nor should any billing details, but all the rest should be. If you are operating legitimately.

    The email address to log in can be changed. If the old one gets spammed to death, close it. Personally I use one dedicated email address for WHMCS, and as a result I will find if spammed, it will be deleted and a new email created. It's really that simple.

  2. #242
    Join Date
    Mar 2010
    Location
    Germany
    Posts
    99

    Default

    Quote Originally Posted by disgruntled View Post
    This shows what you know. This would actually be Scotland Yard's domain as they are a UK based company. That or Interpol as the breach occurred in the USA.

    I think they should bring in the CIA instead or MI6 to take out the support worker that made such a prolific error.

    (well we are going down the silly road are we not)
    WHMCS Team said they involved the FBI

    Quote Originally Posted by TommyK View Post
    So you think FBI have an admin account at Twitter? And you cannot think of any other reason that hackers get the Twitter account details other than it must be the same as their server login?

    Amazing thought skills.

    I don't say that the FBI have admin access to Twitter. Please read correctly.

    But: why did I get the file announcements from the WHMCS Twitter account?? So I must think one of the admins uses the same password on every account

  3. #243
    Join Date
    Dec 2008
    Location
    South Carolina, USA
    Posts
    99

    Default

    I read the threads posted by Mat and according to the threads this is all due to the hosting provider
    giving the hackers access after meeting all the challenges requested.

    I would think that for such an important client as the WHMCS company they would have called
    and talked to Mat personally on the phone before giving that level of access.
    Cut Above Host Click Here To Visit
    24/7 Support/99.9% uptime Paypal accepted / Established in 1999
    Shared Hosting/ VPS/ Cloud Hosting/ Cloud Servers


  4. #244
    Join Date
    May 2011
    Posts
    32

    Default

    Quote Originally Posted by supernix View Post
    I read the threads posted by Mat and according to the threads this is all due to the hosting provider
    giving the hackers access after meeting all the challenges requested.

    I would think that for such an important client as the WHMCS company they would have called
    and talked to Mat personally on the phone before giving that level of access.
    WHMCS IS SO GREEDY: They stop offering a Free Trial
    WHMCS IS SO CHEAP: They use Hostgator for hosting

    A company like whmcs that has such high profile clients can use HG for hosting.
    I never use HG and I am not even close to these guys.

    I guess the main purpose is to collect our money but don't protect us from issues like this that lead to identity theft and more

    Shame on WHMCS TEAM for making such cheap and horrible hosting choices.

  5. #245
    Join Date
    Aug 2007
    Posts
    139

    Default

    Quote Originally Posted by gOOvER View Post
    But: why did I get the file announcements from the WHMCS Twitter account?? So I must think one of the admins uses the same password on every account
    So it didn't occur to you at all that the twitter password could have been stored in the whmcs database?

  6. #246
    Join Date
    Mar 2010
    Location
    Germany
    Posts
    99

    Default

    Quote Originally Posted by TommyK View Post
    So it didn't occur to you at all that the twitter password could have been stored in the whmcs database?
    No, but Matt uses the same password on all accounts, as it seems
    Last edited by gOOvER; 05-22-12 at 11:07 AM.

  7. #247
    Join Date
    Dec 2008
    Location
    South Carolina, USA
    Posts
    99

    Default

    You would think that for someone as important as WHMCS they would have called Matt and talked to him personally before giving root access to anyone.

    Why would they need to give anyone a free trial?
    I don't get that part. WHMCS has a long vetted career with loads of documentation and references.
    Cut Above Host Click Here To Visit
    24/7 Support/99.9% uptime Paypal accepted / Established in 1999
    Shared Hosting/ VPS/ Cloud Hosting/ Cloud Servers


  8. #248
    Join Date
    Feb 2010
    Location
    United Kingdom
    Posts
    608

    Default

    This is my last posting on this subject.

    As a reminder to all: cancel cards, reset passwords, change emails.

    After this, let sleeping dogs lie. We are understandably concerned, but with the above measures in place we can all sleep easy tonight and await another eventful day.

    Farewell and good luck.

    PS: Your card provider will want full details of the attack, and to be protected against fraudulent use of your card you need to report to them within 24 hours of the incident. (This means about 4PM GMT today, I believe.)

  9. #249
    Join Date
    May 2011
    Posts
    32

    Default

    Quote Originally Posted by supernix View Post

    Why would they need to give anyone a free trial?
    I don't get that part. WHMCS has a long vetted career with loads of documentation and references.
    The point is, they are eager to hold your money instead, with a 30-day money back; this started when they implemented the newer version 5.

    There is more to a company than being eager to sell, which was WHMCS's main goal, as security was at the bottom of their priority list.

    I love the software but we will not continue to use it if this is how they handle privacy and security.

  10. #250
    Join Date
    May 2012
    Posts
    90

    Default

    The fact of the matter is this: WHMCS makes an embarrassing amount of dosh a week. They can afford their own network technician, and their own hardware colocated at a reputable datacenter. If we assume the lowest license price for every customer in the DB it's something like 500k a month. That's the low end.

    Instead, WHMCS have chosen to host with a company that has a frankly embarrassingly bad reputation (mention HostGator on WHT at your own peril), and not only that: they've given them the keys. And why? In case things like this happen. It's easy to blame the provider if they're the ones "managing" the server, right?

    It's meaningful to remember: this started with a compromise of Matt's email. So they didn't just go up to HG and ask to get in, they DID compromise AT LEAST ONE system of WHMCS, Matt's email. From the sounds of it, he used that email for just about everything, which is poor form, because if someone did get that email, you can just reset the passwords for everything using that email and then it's not really any better than using a single login/pass on every site.

    Furthermore, the credit card security is just bollocks, and this is the most worrying. A company we're trusting to write our billing software either couldn't figure out how to, or couldn't be bothered to, properly store our cards in a PCI-compliant way. This is just terrible on WHMCS' end and if you have any fees related to freezing/reissuing your credit cards I fully suggest you push the matter with your CC company that this is from WHMCS' negligence, not your own. Make sure you let them know the site has been found not to be PCI-compliant.

    The response to this from the WHMCS staff has been lukewarm at best. I still have yet to receive an email. I am sure there are many WHMCS customers that haven't - and don't know their credit cards are in the wild.
    Be comfortable with your computing solutions
    Viridian Tower Electronics

  11. #251
    Join Date
    Mar 2010
    Location
    Germany
    Posts
    99

    Default

    And a big shame: NO ONE OF WHMCS TEAM RESPONDS HERE IN THREAD. ONLY IN THESE SENSELESS NEWS

    Gogo Matt, we want some good answers

    If not, I believe you lost a lot of WHMCS users.

    @ecayer: +100 you're absolutely right

  12. #252
    Join Date
    Nov 2008
    Posts
    9

    Default

    Passwords were compromised, they are in the email logs.

  13. #253
    Join Date
    Oct 2006
    Posts
    3,364

    Default

    Quote Originally Posted by disgruntled View Post
    This shows what you know. This would actually be Scotland Yard's domain as they are a UK based company. That or Interpol as the breach occurred in the USA.
    And the above is incorrect. As the issue/breach occurred on US soil (the server), it's US based authorities that would be contacted.
    FBI: http://www.answers.com/topic/what-does-the-fbi-do
    Better not to cast stones until you're sure you're right.
    I think they should bring in the CIA instead or MI6 to take out the support worker that made such a prolific error.
    Unsure about MI6, but the CIA doesn't deal with this sort of thing.
    https://www.cia.gov/about-cia/faqs/index.html#whatdo

    To those of you yelling that WHMCS is insecure?
    From what Matt stated, and I have no reason not to believe it, it was a compromised email account that was used to gain all sorts of other access. I find it plausible. Has nothing to do with the security of the script, so calm down a bit and get a grip.

  14. #254
    Join Date
    Aug 2010
    Location
    UK
    Posts
    11

    Default

    Website seems to be under a DDoS attack. http://twitter.com/#!/whmcs/status/204898785216831489

  15. #255
    Join Date
    Jul 2005
    Location
    UK
    Posts
    8,744

    Default

    Here's the latest on what's happening currently: http://forum.whmcs.com/showthread.php?t=47672

    Matt
    WHMCompleteSolution
    The Complete Client Management, Billing & Support Solution
    www.whmcs.com
