WHMCS, waspadalah ...


Status
Not open for further replies.

dwkblog

Beginner 1.0
Barusan dapat email dari WHMCS :

We regret to inform you that last night our system was compromised and miscellaneous files were added to our site. There is potential that some of your private data may have been seen by the an outside source. If you have ever processed a credit card on our site we advise you to verify that there are no miscellaneous charges on your next bill.
We take security breaches very seriously. We responded to this issue promptly and have confidence that we neaturalized the threat. Since the WHMCS source is encoded it is nearly impossible to for us to see potential security threats before they occur within WHMCS. We have implemented the latest WHMCS security patches to prevent further vulnerabilities. We advise you to do the same if you have yet to do so. For more information and to download the latest security patch to prevent this vulnerability please visit http://forum.whmcs.com/showthread.php?p=206522
We appreciate your understanding in this matter. Let me know if there is anything else we can do for you.

Thanks and Happy Holidays,
Jeremy Haber

You are receving this email as you have an account on WHMCSAddon.com .

Dan juga ada yang sudah terkena hack, http://forum.whmcs.com/showthread.php?t=43831

Jadi waspadalah..... waspadalah ....
 

susan

Apprentice 2.0
Email tsb bukan dari WHMCS tapi dari WHMCSAddon.com, jadi bukan whmcs.com yg kena hacked tapi whmcsaddon.com, coba perhatikan baris terakhir

You are receving this email as you have an account on WHMCSAddon.com

Dan rasanya patch WHMCS sudah ada sejak awal des yg lalu. Mungkin mereka belum pasang patchnya

.
 

galuh82

Hosting Guru
Verified Provider
hehehe .. hampir aja mau panik, eh ternyata benar kata mba susan itu bukan dari whmcs.com

salam,
 

sigmabisnis

Hosting Guru
Verified Provider
Email tsb bukan dari WHMCS tapi dari WHMCSAddon.com, jadi bukan whmcs.com yg kena hacked tapi whmcsaddon.com, coba perhatikan baris terakhir

Dan rasanya patch WHMCS sudah ada sejak awal des yg lalu. Mungkin mereka belum pasang patchnya

.

Apakah itu juga berarti masalahnya berasal dari yg pakai whmcsaddon ?
 

indonic

Apprentice 1.0
iya bener file submitticket.php di WHMCS bermasalah, ada temen saya yang jago detect lubang security, mendeteksi bahwa file tersebut bisa query mysql dengan menggunakan script python dari luar dan mengambil session id PHPSESSID WHMCS... dan di anjurkan oleh teman saya tersebut untuk di remove file tersebut untuk keamanan, jadi kirim tiket manual lewat email saja...:(

DAMN...Padahal sudah pake SSL tetap bisa nembus jg...:(
 
Status
Not open for further replies.

Top