• Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers! /Peo, FreeWebSpace.net
managed wordpress hosting

Whmcs Hacked

JJW

NLC
NLC
If you haven't heard whmcs has been hacked and licenses are not working for lots of hosts. Waiting for all the implications.
 
Howly cow!
Mine is still working tho.. haven't updated for a while. But this really sucks!
 
Hi,
Providing you have a valid local license key then you should not have experienced any interuptions in service. If you were doing a new installation or moving your license and thus requiring a license refresh, these will not have been available until the site was back online. Or alternatively if your local key was not valid prior to this downtime, then you may have experienced issues validating, so please do get in touch with us now so any local key issues with your installation can be resolved.

Now our systems have been restored, a status update has been posted here: http://forum.whmcs.com/showthread.php?t=47650. Any further notifications will also be made there.
 
And there you have it, the reason why I wrote my own billing system instead of relying on WHMCS.

Hopefully nothing important got taken or lost.
 
And there you have it, the reason why I wrote my own billing system instead of relying on WHMCS.

Hopefully nothing important got taken or lost.

I actually migrated to HostBill last week, but sadly my CC details were still in the WHMCS billing system - had to cancel that card. I'm glad I browse WHT regularly because otherwise I would have never known about this and would probably be out several thousand dollars. I still haven't received a single email from WHMCS regarding this incident.

@WHMCS-John, I'm very interested in knowing what kind of compensation everyone involved in this fiasco is going to receive since now all of my information is available on the internet as is your whole client base. This includes past passwords, addresses, phone numbers, credit card details, etc. This isn't something you can just apologize for and then pretend nothing happened.
 
Hi,
If you purchased a licence directly from us and are therefore affected by the issue all clients were emailed about it on the night/morning of the 21st/22nd.

We are currently making every effort to restore full service and as far as humanly possible, we have done everything possible to ensure it won't happen again.

At this time we do not have any details about possible compensation, if compensation is made available in future it will be announced on our website or via email. I would ask you to kindly bear with us, frequent updates are being posted at on our forum so I would ask you please monitor those for further updates on the situation: http://blog.whmcs.com


We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.
 
All I can say is, it's a good thing that I am using ClientExec.

It's a bit concerning that WHMCS was hacked, considering that their software directly plugs into WHM Servers, I'm wondering whether the WHMCS Software is really all that secure considering the owner's server was hacked. Nothing against WHMCS, it's good software, but I am concerned about all the hosts that could be hacked IF WHMCS' software security is not up to scratch...

Anyone else share the same level of concern?
 
The WHMCS server was hacked via a social engineering method at their webhost HostGator, apparently the hacker gained access to the server by requesting a email address change to the hosting account and then took control of the server.

There was no risk to existing whmcs installation as a result of this issue.
 
If you read what happened, there was no hacking involved. So no, I don't share the same level of concern at all.
Sorry, sometimes I have a tendency to get too caught up in what I am doing then to read. Thanks for pointing this out :)

The WHMCS server was hacked via a social engineering method at their webhost HostGator, apparently the hacker gained access to the server by requesting a email address change to the hosting account and then took control of the server.

There was no risk to existing whmcs installation as a result of this issue.
This is concerning about the level of security HostGater has in the fraudprevention, and account security department. I was working for a website hosting and designing firm that focused on Real Estate websites, and the issue I had with them was that they had no policies in place to prevent social engineering. This is one of the first few methods practiced by hackers today. Being of which, is also one of the least protected.
 
Sources have said that this is coming from a staff. I just hope that these allegations aren't true.
1.gif
 
Back
Top