Titsup WHMCS calls the Feds after credit-card megaleak

WHMCS, which provides billing and customer support tech to many web hosts, was comprehensively hacked on Monday and remains offline. Hackers tricked WHMCS's own hosting firm into handing over admin credentials to its servers. The group that carried out the hack, UGNazi, subsequently extracted the billing company's database …

COMMENTS

This topic is closed for new posts.
Devil

This means that there was no actual hacking of our server.

Oh so that's all right then.

The weakest part of any network is the 'dumb fucks' in charge of it.

Epic fail

8
1
WTF?

Re: This means that there was no actual hacking of our server.

I fear for my money when numpties like this get 'hacked'/social engineered like this.

"TRAINING AND AWARENESS YOU STUPID DOLTS!!!"

0
1
Facepalm

Re: This means that there was no actual hacking of our server.

So basically, the hosting company had monkeys at the helm. And WHMCS aren't much smarter.

Lovely.

1
1
Anonymous Coward

Re: This means that there was no actual hacking of our server.

I wish they could invent a good anti-virus program that could be installed in people!

0
0

Re: This means that there was no actual hacking of our server.

They have. It's called concrete. Because the only truly secure human is one that's been encased in cement and dropped into the ocean. Oh, wait, that's a computer. Well, same idea really.

2
0

Re: This means that there was no actual hacking of our server.

A boot in the jacksie?

0
0
Silver badge
Pint

Never leave Colin, the work-experience kid, in charge

No matter how thirsty you are for the pub.

4
0
Anonymous Coward

The quotes were from the owner of WHMCS, so he has some lame security questions.

1
1
Anonymous Coward

@AC 13:15 -- Yup

"The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions"

WHMCS Security Question: "When was the War of 1812 fought?"

0
0
Vic
Silver badge

Re: @AC 13:15 -- Yup

> WHMCS Security Question: "When was the War of 1812 fought?"

That's actually a very good security question - with the answer being something along the lines of "three squirrels and a lemon"

Vic.

5
0
KJB
Thumb Down

It's all very well encrypting the credit card info in the database, though when you leave the salt in plain text in your config files and the whole cPanel account backup gets offered up for download then that encryption pretty much means squat.

Cancel your cards people.

2
1
Silver badge
Meh

Errr....

Don't you always leave the salt in plain text in the files?

1
0
Unhappy

OK, so this may be a silly question, how would anyone know if their details are at risk?

Is there a list of web hosts, sites & services that use WHMCS?

0
1
Anonymous Coward

Yes, the database was released on Twitter which has a list of absolutely everything. This includes:

- credit card numbers

- full name and address

- security questions/answers

- email history (some even include root logins to other web hosts)

- invoice history of each company

- pricing tier of each company

- affiliate history

- password reset reminders

- license keys and who is using those license keys

- admin logs and admin activity logs

And so much more.

0
0
Silver badge

Is there any way to check if you're on there without downloading a tonne of other people's credit card details, however? That would be useful as I really don't need or desire the rest of the data.

0
0
Silver badge
Devil

Bah!

I love the "justification" for this attack.

"I hate what the Warwickshire police are doing. I complained but no one did anything so to force the issue I've had keys cut for every house in Leamington on Spa and sold them to burglars".

2
0
Bronze badge
FAIL

Re: Bah!

Yes when normally the people running the scams crack the software so they don't have to pay for it.

Dump and Run scams are far too widespread and although annoying I'm not sure how they would know they would be running scams, it's more than likely going to affect the smaller webhosts relying on it to help run their business.

Oh and Fail for leaving decryption key in the open!

0
0

So they are hosting on a PP IP range?

Domain name: websitewelcome.com

Administrative Contact:

Whois Privacy Protection Service, Inc.

Whois Agent (ntlfqyxhc@whoisprivacyprotect.com)

+1.4252740657

Fax: +1.4259744730

PMB 368, 14150 NE 20th St - F1

C/O websitewelcome.com

Bellevue, WA 98007

US

I thought only scammers and hackers used PP?

2
0
Boffin

Terminology

Something doesn't add up in the terminology here: "Card information was salted and hashed". What use is a hashed credit card number, either to Bad Guys or indeed to the service itself? More likely they were symmetrically encrypted and the passphrase stored in the filesystem somehow. That does at least mean that the DB replicating backups are not sensitive in themselves.

The problem of how to protect information in the DB, private keys etc. from a root attacker is always a tricky one. You could demand entry of the passphrase at startup but that prevents unattended restart, and in theory a really determined attacker could get it out of memory if they can get access to the running daemon.

Of course the trick is to avoid getting rooted in the first place... When your hosting provider demands your root password, refuse, quoting this story!

2
0
Silver badge
FAIL

Re: Terminology

>When your hosting provider demands your root password, refuse

Wow no security expert that seems pretty obvious. Then again retards who use Office all day and think they contribute to anything probably gave it to them to reduce support costs.

0
0
Anonymous Coward

Let the fun begin

It seems like hackers can't wait to get to the Iron Bar Hotel - they want express service.

1
1

This post has been deleted by a moderator
