21-12-2012, 09:06 #1
Hacker breaks into PoundHost Internet and has a field day
I received this by e-mail.
We recently identified an unauthorised third party had accessed an area of our billing system and as a result they were able to view and download the first issued username (root/Administrator), Password, ServerID and Primary IP Address from the initial server ready email you would have received upon taking your services with us. As a security precaution, we recommend that you change/update your root/administrator password and also the portal access password as soon as possible. We understand that having to update passwords can be a frustration, but we hope you recognise the need to protect your account and server.
Please Note: No card details or payment information has been compromised.
We are still investigating how this unauthorised access occurred, but we can assure you that no personal information was downloaded, however, a small number of customers' details (including name, email, postal address, telephone, security question and answer where set) may have been viewed by the third party.
Please accept our sincerest apologies for the inconvenience caused by this issue. It goes without saying that our system administration and security teams have been working round-the-clock to ensure that relevant actions have been taken on both technical and procedural level, to ensure that this issue is resolved.
Getting In Touch
If you would like any assistance with resetting your password on your server then please visit the PoundHost blog at
Hosting, domain names & data storage | Poundhost Blog.
If you need further help and assistance with resetting your password or would like additional information, please feel free to raise a ticket through the PoundHost Portal at https://portal.poundhost.com and we will be available to assist you.
PoundHost Internet Limited
UK Dedicated Servers and Server Colocation, Rack Space | PoundHost
Sales & Support: +44 (0)1628 777730
21-12-2012, 09:16 #2
The end of the world is today. Minutes after the PoundHost e-mail, another English provider announces that it has been breached:
Security Issue - PCSmart Group Billing System
We are disappointed to have to write this email but early this morning we learned that our billing system had been compromised. It appears a MySQL injection technique was used to modify the Gateway table in our database. This has resulted in one customer completing a Liberty Reserve payment (which we've never offered our customers) to an account not associated with ourselves. Our standard payment methods of PayPal, Google Checkout and Debit/Credit remain secure.
We also have reason to believe that passwords on some user accounts may have been compromised through further MySQL injection techniques, and as a precaution we have currently disabled logins to our billing system. Upon restoring the billing system we will force a reset on all user passwords as a precaution.
This incident has been logged with WHMCS and from speaking to a few contacts in the industry we are not the only ones to become victim of this attack. The server hosting our billing area is heavily locked down from unauthorized access, access to our database was gained via a vulnerability in the billing software only.
Further updates will follow once we restore normal service, apologies for any inconvenience this has caused.
The PCSmart Team
21-12-2012, 10:06 #3
Whether the end of the world is today I don't know yet, but this is the end of the world...
21-12-2012, 11:08 #4
As always, WHMCS has security problems! Does anyone know an alternative for handling only the financial side of a company (customer records, invoice issuing, boleto bancário issuing and plan/service management)? I see no need for the cPanel integration, knowledge base and support tickets.
21-12-2012, 11:32 #5
I believe any other solution will, sooner or later, face the same problem. I find myself asking the same thing you are.
In any case, I keep thinking about starting something to serve us internally (there is one here, but it lacks the integrations needed to support profitable automation for the business); however, the responsibilities of keeping an internal system secure are not small.
I see that building something is easy, that designing it is the complex part, and that maintaining it is even more stressful.
"Excusatio non petita, accusatio manifesta."
21-12-2012, 13:02 #6
It is not clear that this is a vulnerability in WHMCS.
21-12-2012, 13:26 #7
From the parent site ...
This is likely the Google Checkout vulnerability (assumes they have Google Checkout as a payment method) if it's been there for a few weeks. They may have patched it up after the security advisory was released, but might not have noticed that someone added a gateway by injection until a user made a payment with it now. Hence, I wouldn't think it's a new vulnerability, but better to wait for an official word on the matter.
Going through our backups it looks like our install was actually compromised before we applied the google checkout patch, it went un-noticed that a new payment gateway had popped up as it's not something I really keep an eye on.
We were on version 4.x.
We've done a fresh install of the latest release (5.1.3) ...
Anyone else had their WHMCS Google gateway hacked?
Last edited by 5ms; 21-12-2012 at 13:34.
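An added example, not part of any post in this thread and not WHMCS code: a drift check for the failure described in posts #2 and #7, where a payment gateway row was added to the database and nobody noticed until a customer paid through it. The `gateways` table, its columns, the gateway names and all sample rows are constructed stand-ins, not the real billing schema.

```python
import hashlib
import sqlite3

# Hypothetical allowlist: the payment methods the business actually offers.
APPROVED = {"paypal", "googlecheckout", "creditcard"}

def snapshot(conn):
    """Return {gateway: sha256 over its settings} for the gateway table."""
    rows = conn.execute(
        "SELECT gateway, setting, value FROM gateways ORDER BY gateway, setting"
    ).fetchall()
    digests = {}
    for gateway, setting, value in rows:
        h = digests.setdefault(gateway, hashlib.sha256())
        h.update(f"{setting}\x00{value}\x01".encode())
    return {g: h.hexdigest() for g, h in digests.items()}

def audit(baseline, current, approved=APPROVED):
    """Compare two snapshots; return sorted (kind, gateway) findings."""
    findings = []
    for g in current:
        if g not in approved:
            findings.append(("unapproved", g))   # never offered to customers
        elif g not in baseline:
            findings.append(("added", g))        # approved, but newly present
        elif current[g] != baseline[g]:
            findings.append(("modified", g))     # e.g. payee account changed
    findings += [("removed", g) for g in baseline if g not in current]
    return sorted(findings)

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE gateways (gateway TEXT, setting TEXT, value TEXT)")
    conn.executemany("INSERT INTO gateways VALUES (?, ?, ?)", [
        ("paypal", "email", "billing@example.test"),       # constructed rows
        ("googlecheckout", "merchantid", "0000"),
        ("creditcard", "visible", "on"),
    ])
    baseline = snapshot(conn)  # taken while the configuration is known-good
    # Constructed tampering: an extra gateway row and a changed payee address.
    conn.execute("INSERT INTO gateways VALUES ('libertyreserve', 'account', 'X000')")
    conn.execute("UPDATE gateways SET value='other@example.test' WHERE gateway='paypal'")
    return audit(baseline, snapshot(conn))

if __name__ == "__main__":
    for kind, gateway in demo():
        print(f"{kind}: {gateway}")
```

Run on a schedule against a read-only database account, with the baseline stored off the billing server, any finding is a reason to look at the gateway configuration before the next customer checkout.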
21-12-2012, 15:59 #8
The only drawback I see is not having the cPanel integration, but note that this is actually a good thing from a security standpoint: better a little extra work to enable/disable accounts than the much bigger job of cleaning up a breach in which several accounts were deleted.
28-12-2012, 07:49 #9
28-12-2012, 08:18 #10