WHMCS Global Services - Hacked

Taken from WHT:
https://www.webhostingtalk.com/showthread.php?t=1731675

Except WHT removed the hacker manifesto (doh) posted on pastebin:
https://pastebin.com/ZpNUBrG1

I had never heard of this company before, but if any of you are using their modules, apparently they are riddled with security holes (according to the hackers), so you might want to look into it.

1 Like

They have a bunch of whmcs modules, I guess the most known is their bitcoin gateway?
If you have any of their modules installed, remove them as soon as possible.

the auto_patch.zip mentioned will actually remove a db table and your modules directory… :scream:

I bought an Alipay module from them from them a few years ago, but never got around to installing it. Lucky me.

The hackers first sent an email from WHMCS Global Services with this content:

4 hours later, a second legitimate email from WHMCS Global Services:

I then ticketed to have my account permanently deleted, and they removed my ticket without removing my account :frowning:

The next day, an e-mail was sent containing a link to the pastebin:

As promised here all information about the hack: https://pastebin.com/ZpNUBrG1

Oh well. Since it’s pretty unlikely that they were hacked through their WHMCS install, it’s pretty clear hackers got in to their site via them running one of their own insecure modules. Agreed with mikho to remove any ASAP.

2 Likes

This fake identity has threatened unspecified action against HB for this thread: https://www.linkedin.com/in/aaron-jones-4bb163167

Though I like to keep things friendlier here, I would like you all to be aware that this company is run by a fake identity who desires not to own mistakes, but scrub the internet of evidence of his mistakes.

18 Likes

I thought they got hacked again, lulz

1 Like

It seems they did manage to remove the pastebin file though…

1 Like

This calls for popcorn…

 case_insensitive=1

 IF msgbody CONTAINS "immediate" OR "ASAP" AND "thread" > /var/LOLBOX
3 Likes

Jarland Moon, owner of Host Farms.

Fancy wordings without substance is all I see.

1 Like

Be glad it was Aaron Jones instead of Alex Jones.

2 Likes

Hostballs is turning the Pythons gay!

1 Like

Wasn’t there mirrors of the pastepin? My experience with WGS was also very bad.

I wonder why they are still allowed to participate in the WHMCS marketplace. Probably many of the addons are still insecure, they will not learn overnight how to program safely.

Welcome to HB!

I couldn’t find any mirror but to my opinion that’s only a good thing. Their (mostly unknowing) customer base shouldn’t have to pay for WGS’s bad code practices. This topic and others should serve a SEO purpose only, having WGS customer data out in the open is more hurtful to their customers than WGS.

2 Likes