[AusNOG] whmcs.com - hacked

Shaun McGuane shaun at rackcentral.com.au
Tue May 22 10:49:10 EST 2012


They have got access to the hosting server and leaked the whole cpanel
hosting account.

Which means your whmcs client passwords to the whmcs.com website are not
safe and 
as long as you have not provided whmcs staff any login details to your
servers to carry out 
work via a support ticket, then your installation should be fine.

Best practice chance admin passwords just in case....

Regards
Shaun

-----Original Message-----
From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Mark Newton
Sent: Tuesday, 22 May 2012 10:36 AM
To: Joseph Goldman
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] whmcs.com - hacked

On Tue, May 22, 2012 at 10:32:59AM +1000, Joseph Goldman wrote:

 >  But of course, all your other information such as tickets and billing  >
information should be on the lookout to change, change all your  > important
passwords especially if for some reason you supplied it in a  > ticket to
WHMCS or anything of that nature.

I wouldn't put too much faith in the claim that client passwords are okay
because they're hashed either.  A bit of rainbow table analysis would yield
a decent proportion of passwords pretty quickly.

 - mark
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog




More information about the AusNOG mailing list