Categories
Hosting

WHMCS.com Compromised

21st May 2012 – Status Update

Dear All,

It may be a little early for this post since at this time, our web hosting provider are still investigating and looking into exactly what happened, and why, and are yet to report back to us. But here is what we know at this point in time.

A little over 4 hours ago our main server was compromised. This server hosts our main website and WHMCS installation.

What we know for sure

1. Our server was compromised by a malicious user that proceeded to delete all files
2. We have lost new orders placed within the previous 17 hours
3. We have lost any tickets or replies submitted within the previous 17 hours

What may be at risk

1. The database appears to have been accessed
2. WHMCS.com client area passwords are stored in a hash format (as with all WHMCS installations by default) and so are safe
3. Credit card information although encrypted in the database may be at risk
4. Any support ticket content may be at risk – so if you’ve recently submitted any login details in tickets to us, and have not yet changed them again following resolution of the ticket, we recommend changing them now.

At this time there is still no evidence to suggest that this compromise actually originated through the WHMCS software itself. This was not merely a WHMCS system access, and since we do not provide hosting ourselves, our WHMCS is not hooked up in any way to our server.

We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.

Once again, we strongly urge all users to cycle all their passwords, not just for WHMCS, but for any associated services that may have been provided to us at any point in time.

As soon as we know more, we will post further updates.

Matt

————
21st May 2012 – Further Update

Following an initial investigation I can report that what occurred today was the result of a social engineering attack.

The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions. And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details.

This means that there was no actual hacking of our server. They were ultimately given the access details.

This is obviously a terrible situation, and very unfortunate, but rest assured that this was no issue or vulnerability with the WHMCS software itself.

We are immediately reviewing all of our hosting arrangements, and will be migrating to a new setup at the earliest opportunity.

I would like to take this opportunity to thank all of you who have sent in messages of support, and offers of help. It has clearly been a very stressful time, and I thank everyone both personally and on behalf of WHMCS for their loyalty and support.

The matter is now in the hands of the FBI.

——–

Additional information:

The WHMCS database has been released publicly – if they had (through a support ticket or whatnot) any of your login/cpanel information you should change the passwords on your server ASAP! Also you may want to monitor your credit card usuageĀ  or contact your credit card company if whmcs had this information on file. Read more on WHT @ http://www.webhostingtalk.com/showthread.php?t=1156920

Categories
Hosting

Start Your Own “Nairaland” For FREE!!!

Nairaland.com is probably the most visited forum in Nigeria. Interested in starting up yours? You just might be the one to upseat Nairaland, and for free too!

Probably the best platform you can start your forum on is Simple Machines Forum (SMF). It is free and very secured. But most importantly, the process involved in setting one up takes just a few minutes. The steps to take are itemised below;

1. Order for a FREE web hosting plan from arthurwales.com. You may use an existing domain name with it or you may place an order for one.
2. Log in to your CPanel. If your chosen domain name is, say, www.naijawristwatches.com, then your cpanel address is www.naijawristwatches.com/cpanel. Your login details would have been provided in a mail you received when your hosting account with arthurwales.com was activated.
3. You have a choice of an automated installation of SMF via Fantastico in your cPanel or doing it manually. You will find Fantastico under Software/Services in your Cpanel. Just Click on it and do a quick search for SMF. Installation takes a few minutes.

4. However, the best option to take would be to download the full installation zip file from http://download.simplemachines.org/, that way, you would be getting the latest version of the installation file, SMF 2.0
5. Create a database via your cpanel. Check under Databases for MySQL Database.
6. Upload the downloaded zip file to your web hosting space using the File Manager in your CPanel. Ensure the file is uploaded to the public_html folder , then extract the content there.
7. Type the following url in your browser; www.yourdomainname.com/install.php
Username and Password are your CPanel login details

In the Screen above, select a username and password for your admin login screen.

With this, the installation is completed. A sample installation of SMF forum can be viewed at www.artwal.es

PS: If you get stuck or you will rather not attempt the installation, subscription to arthurwales.com web hosting qualifies you for a free installation. Submit your request at www.facebook.com/diaryofageek

 


Categories
Hosting

arthurwales.com listed In The Top 100,000 Websites In The World!

After only 3 months of operation, the arthurwales.com website has been listed as one of the top 100,000 websites in the world. This is in line with our goal of replacing Google and Facebook in the top spots. As of 21 December, 2010, the website’s ranking stood at 98,594th website in the world, according to Alexa Ranking.

The Ranking Company also listed the site as the 267th most visited site in Nigeria.

Thank you so much for your patronage!

ARTHURWALES SOLUTIONS LIMITED – Professional Web Solutions