A Dark Month for WHMCS

While a lot of forums insist that the WHMCS hack that occurred during May of 2012 was caused by a social engineering attack, I have reason to believe that the hack was actually a lot simpler. The hack, I believe, is more of a system vulnerability issue, and systems were penetrated via SQL/code injection. Once compromised, the hacker is given 100% access to your whole website. Through my 20 years of experience in programming, I have reason to believe that the hack exposed flaws in WHMCS that only a developer of WHMCS would know. I believe that either the flaw was released to hackers by a person who has been programming WHMCS code for years, or the person who has been working with WHMCS code pioneered the hack himself. I also have reason to believe that the hackers are actually from the UK, the birthplace of WHMCS.

Hacker modified my website homepage to this. He even scraped an image on my website and put it on his splash page.

A website of mine got hacked three times within a week in the month of May 2012. The hacker was able to gain entry at least two other times after I reset all my passwords following the initial attack (WHMCS admin, WHM, cPanel, FTP and all MySQL database passwords were reset). This led me to believe that the hack was automated and run via a script. While my website was being hacked, my Google Analytics indicated that my daily website pageviews spiked from around 10 views a day to just under 1000, and that 99% of the traffic on my website was from the UK.

I also read a few articles today reckoning that the WHMCS hacker has been arrested. I guess we now have a scapegoat so everyone can rest easy. Unfortunately, the ultimate perpetrator of the problem might still be working in the WHMCS development house. This disgruntled employee might be planning his next attack as we sleep. Don’t expect this problem to go away anytime soon.

I make it a habit not to accept payments via credit card, so there is no need for me to store customer card details. That way, hackers have nothing to gain from penetrating my website, except that I’m inconvenienced every time it happens.