Boxslots hacked AGAIN

[viruz99]

* Saw lots of customers filling up the boxslots sales threads - Bitch about it here instead

They are claiming its due to whmcs again but well 99% hosts on KWWH are using it and none are having these issues

viruz99 Reviewed by viruz99 on 6th Dec 2011. Boxslots hacked AGAIN * Saw lots of customers filling up the boxslots sales threads - Bitch about it here instead (y) They are claiming its due to whmcs again but well 99% hosts on KWWH are using it and none are having these issues Rating: 5

[EsotorisK]

Is that so sir?

[bxflow]

supposedly this was patched a week ago. Maybe they just didn't apply the patch,idk. I think servedome also suffered from this.

[rk-boxslots]

The patch was applied, All proof sent to WHMCS pending there view on this.

[Krun!x]

There is no other WHMcs bugs at this time.

[CameronS]

There is no other WHMcs bugs at this time.

No logic at all in that reply. It's called an exploit for a reason, if there were "known" exploits, WHMCS would fix them.

Fun fact for the day: There can be things called "Hidden Exploits"!

[Krun!x]

No logic at all in that reply. It's called an exploit for a reason, if there were "known" exploits, WHMCS would fix them.

Fun fact for the day: There can be things called "Hidden Exploits"!

If there was exploit you wouldn't be the first target. Why don't you check your logs? Do you even have logs? Do you know how to find an exploit in the logs?

[viruz99]

No logic at all in that reply. It's called an exploit for a reason, if there were "known" exploits, WHMCS would fix them.

Fun fact for the day: There can be things called "Hidden Exploits"!

Well like i said in the first post 99% of hosts here use whmcs - even smaller & noob companies that know little about security , yet nobody reported any hacking in the last few days/weeks.

If it was just random , dozen of other hosts would have been hacked as well.

+ same company twice in the same week....hmmm

[CameronS]

+ same company twice in the same week....hmmm

Sounds more like someone trying to get vengeance to be frank, that would explain why it was twice in the same week. It's not a matter of lax security, it's a matter of someone knows something the developers don't. Oh well, let's just search the WHMCS files for the exploit and fix it ourselves? Oh wait.. WHMCS files are encrypted, not much can be done there. And yes, we do have logs, but again it's down to WHMCS and they are taking their time answering the tickets.

[Krun!x]

Sounds more like someone trying to get vengeance to be frank, that would explain why it was twice in the same week. It's not a matter of lax security, it's a matter of someone knows something the developers don't. Oh well, let's just search the WHMCS files for the exploit and fix it ourselves? Oh wait.. WHMCS files are encrypted, not much can be done there. And yes, we do have logs, but again it's down to WHMCS and they are taking their time answering the tickets.

You can block most of those attacks on the server level, you don't really need WHMcs code. Did you even secure your main server?