WHMCS Global Services - Hacked


#1

Taken from WHT:

Except WHT removed the hacker manifesto (doh) posted on pastebin:
https://pastebin.com/ZpNUBrG1

I had never heard of this company before, but if any of you are using their modules, apparently they are riddled with security holes (according to the hackers), so you might want to look into it.


#2

They have a bunch of WHMCS modules; I guess the most known is their bitcoin gateway?
If you have any of their modules installed, remove them as soon as possible.

The auto_patch.zip mentioned will actually remove a db table and your modules directory… :scream:


#3

I bought an Alipay module from them a few years ago, but never got around to installing it. Lucky me.

The hackers first sent an email from WHMCS Global Services with this content:

https://pastebin.com/U19qn1W1

4 hours later, a second legitimate email from WHMCS Global Services:

https://pastebin.com/ifSD4JXn

I then ticketed to have my account permanently deleted, and they removed my ticket without removing my account :frowning:

The next day, an e-mail was sent containing a link to the pastebin:

As promised here all information about the hack: https://pastebin.com/ZpNUBrG1

Oh well. Since it’s pretty unlikely that they were hacked through their WHMCS install, it’s pretty clear hackers got into their site via them running one of their own insecure modules. Agreed with mikho to remove any ASAP.