WHMCS, waspadalah ...

[dwkblog]

Barusan dapat email dari WHMCS :

We regret to inform you that last night our system was compromised and miscellaneous files were added to our site. There is potential that some of your private data may have been seen by the an outside source. If you have ever processed a credit card on our site we advise you to verify that there are no miscellaneous charges on your next bill.
We take security breaches very seriously. We responded to this issue promptly and have confidence that we neaturalized the threat. Since the WHMCS source is encoded it is nearly impossible to for us to see potential security threats before they occur within WHMCS. We have implemented the latest WHMCS security patches to prevent further vulnerabilities. We advise you to do the same if you have yet to do so. For more information and to download the latest security patch to prevent this vulnerability please visit http://forum.whmcs.com/showthread.php?p=206522
We appreciate your understanding in this matter. Let me know if there is anything else we can do for you.

Thanks and Happy Holidays,
Jeremy Haber

You are receving this email as you have an account on WHMCSAddon.com .

Dan juga ada yang sudah terkena hack, http://forum.whmcs.com/showthread.php?t=43831

Jadi waspadalah..... waspadalah ....

 

[mixmaxspace]

Yang punya aja kena gimana yang user2-nya

 

[atriumhosting]

lama2 whmcs ku ganti pake html biasa deh

 

[mixmaxspace]

lama2 whmcs ku ganti pake html biasa deh

Hahahaha... data2 dicatet di buku tagihan. jadi tukang kredit klontong keliling dong

 

[susan]

Email tsb bukan dari WHMCS tapi dari WHMCSAddon.com, jadi bukan whmcs.com yg kena hacked tapi whmcsaddon.com, coba perhatikan baris terakhir

You are receving this email as you have an account on WHMCSAddon.com

Dan rasanya patch WHMCS sudah ada sejak awal des yg lalu. Mungkin mereka belum pasang patchnya

.

 

[galuh82]

hehehe .. hampir aja mau panik, eh ternyata benar kata mba susan itu bukan dari whmcs.com

salam,

 

[sigmabisnis]

Email tsb bukan dari WHMCS tapi dari WHMCSAddon.com, jadi bukan whmcs.com yg kena hacked tapi whmcsaddon.com, coba perhatikan baris terakhir

Dan rasanya patch WHMCS sudah ada sejak awal des yg lalu. Mungkin mereka belum pasang patchnya

.

Apakah itu juga berarti masalahnya berasal dari yg pakai whmcsaddon ?

 

[indonic]

iya bener file submitticket.php di WHMCS bermasalah, ada temen saya yang jago detect lubang security, mendeteksi bahwa file tersebut bisa query mysql dengan menggunakan script python dari luar dan mengambil session id PHPSESSID WHMCS... dan di anjurkan oleh teman saya tersebut untuk di remove file tersebut untuk keamanan, jadi kirim tiket manual lewat email saja...

DAMN...Padahal sudah pake SSL tetap bisa nembus jg...

 

[premium]

untung ga pake add-on-an ... ntar bakal di patch jg ama org whmcs

 

[indonic]

untung ga pake add-on-an ... ntar bakal di patch jg ama org whmcs

itu bukan dari addon bos, nanti malam temen saya dan saya akan coba lagi dan akan kirimin hasil output dari scanning dia.