hacked

WHMCS.COM Hackeado y bajo DDOS

whmcs

Nos enteramos que hace escasas 48 horas el popular sistema de manejo de hosting y facturación, WHMCS, ha sido hackeado. Desde WHCMS han comentado que no fue una intrusión al servidor por fallas de seguridad o explotación de código, sino una falla humana que permitió obtener datos de acceso a su servidor principal, donde hostean el sitio y el sistema de tickets.

Se aconseja a los usuarios que alguna vez ingresaron a WHMCS.COM y que puedan haber enviado datos de acceso a servidores o que también realizaron compras con tarjeta de crédito, que tomen las medidas necesarias para protegerse (cambio de passwords, control de facturas, etc).

Y para completarla, al momento de escribir este post el sitio whmcs.com está sufriendo un ataque DDOS que lo mantiene abajo.

Este es el comunicado oficial:

We are writing to advise you about an incident that occurred earlier today (May 21st, 2012) at WHMCS. It appears that their servers have been compromised, including the licensing servers and ticket system. The hackers are claiming that they will shortly be publishing a dump of WHMCS’s database to the public.

At this time, we are strongly advising all users to change passwords, that were used at WHMCS.com, on all other sites, as well as any server-related (FTP, SSH, etc.) credentials that you may have sent to WHMCS in a support ticket in the past. We also strongly advise that you monitor any billing methods that may currently be on file with WHMCS, this includes credit cards that we would suggest are cancelled as soon as possible.

WHMCS is currently claiming that the hack has nothing to do with WHMCS itself. We are unable to confirm the extent of the attack and what information may be at risk at the current time. We strongly advise that you take extreme precautions immediately to prevent any possible consequences.

If your license is presently reporting as invalid, please allow some time for WHMCS to get all of their licensing servers back online and functional. They are reporting updates at the following site. WHMCS Site Downtime – WHMCS Forums

Y desde aquí se puede ver el mensaje que los atacantes han dejado al dueño de WHMCS, al cual se acusa de no haber prestado atención a la seguridad de su software y servidor durante un largo tiempo.

Más información | WebHostingTalk, ComunidadHosting, WHMCS

Otros artículos interesantes:

Deja un comentario