Search results

Aah, that makes more sense.  But, still means that someone gained access to an admin account, and was having a gaye old time with it. What's truly disturbing is how long it's gone on without them having the sense to track down the issue, or even block public access to prevent further damage.

That's... rather frightening when you stop to think about it.  WHMCS has included password verification (the two-email process) for quite some time - and unless I'm blind, there's not an option to disable.  Which makes me wonder just how *old* their WHMCS install was. That was my first...

Not unless that's a newish rule?  I've had a dev license for years, and we've only owned our WHMCS license for the past.. maybe 15-20 months? EDIT:  Pretty sure the catch is they'll only provide support if you keep your owned license renewed - leased licenses are pretty much good to go.

Because if this were just a simple case of someone abusing the client-side password reset (like these guys seem to think), you would be receiving two emails.  The first being a confirmation email that would have you click a URL containing a randomized token - doing so would perform the actual...

Honestly irrelevant at this point.  I cannot replicate the resets folks are seeing in any other method other than as an admin.  Very good chance they're already compromised beyond the point two-factor would do any good.

With curl, no, as using curl would require actually having an admin login. BUT.  There are several other ways to accomplish the same thing that would not require a WHMCS admin account.

Bad news folks.  If GVH's WHMCS lets you change your client details (address, phone, etc) I very strongly suggest doing so now to try and keep your personal info safe. Given that they likely use WHMCS modules to allow access to the VMs, it would be a wise idea to go set new root passwords as...

Did the password you were sent work?

Would you mind pastebinning a couple of the emails (or just one if they're all the same), minus the passwords of course?  And possibly the headers from one or two of 'em?  There are actually several different emails from WHMCS relating to password resets, and I'm curious to know exactly which...

Similar situation here.  Which is why I posited the third option, that someone may have just gained access and was randomly resetting client passwords to screw with them. Now what's going to be absolutely *hilarious*, though - there is another possibility.  There might just be someone using the...

I tried, it did not.  Sorry, forgot to mention that in the last post.

Did a bit of testing on our WHMCS dev platform.. This does reset passwords.  It does not email clients. Original password, with md5 enabled: mysql> SELECT password FROM tblclients WHERE id = 1; +----------------------------------------+ | password |...

Blaming the Cron reeks of bullshit.   For starters, the cronfile is ioncube'd, unless they're pulling a Fabozzi and using cracked/unlicensed software.  The cronjob also has a very strict list of items to run, and modifying user accounts is not among those.  The only way the cronjob would've...

Good to hear there are secure alternatives now (and have possibly been around for awhile - I admittedly have not looked into automated payments, especially with cards, on WHMCS in quite some time.  We don't offer this solely out of distrust of relying on third party software to handle such...

This stinks of a 'sysadmin' fucking around in a production environment instead of a proper dev area.  The clients should be thankful it wasn't a Solus fat-finger resulting in their VMs being nuked. Anyone who has paid them with a credit/debit card should be nigh-terrified, though - any...

Eh, don't worry, he'll just request a permanent ban for himself, then want it removed a few weeks later so he can come back.

Welp, he did mention looking for a job, and was nigh-immediately called out on his self-professed lack of technical skills.  Perhaps paid shilling is the job he had in mind.

Related:

It has very little to do with being 'LowEnd', and much more to do with being a 'host-from-a-box' that doesn't do proper QC on new signups.  If you let "Abc Abc" of "123 Fake st" sign up without a second thought, you're going to get abuse no matter what your price point is. Just to put things...