Em comunicado enviado a todos os seus clientes, Matt Pugh, fundador e CEO da WHMCS, culpou a engenharia social como sendo a falha que culminou na invasão dos seus servidores. A WHMCS ainda recomenda que todos os usuários alterem as suas senhas de acesso ao seu site, como já havíamos recomendado aqui no Blog do Host, e que este incidente não foi por causa de falhas de segurança em seu sistema homônimo.
Muito tem se especulado em relação a segurança no seu sistema de gerenciamento de servidores de hospedagem de sites, mas até agora nenhuma ação comprova as especulações e todas as falhas já ocorridas foram corrigidas pela sua equipe.
Segue o comunicado na íntegra:
This is a follow up to the Urgent Security Alert email sent earlier this week. As you will be aware from that, we were the victim of a malicious attack which has resulted in our server being accessed, and our database being compromised.
As a security precaution, we are expiring all passwords for our client area. In order to restore access to your account, please visit the following url to reset your password:
We have restored all essential services except for our forums, and resumed normal operations as quickly as possible in order to keep licensing and support channels open. We are still actively working to restore the forums, and we expect them to return to operation soon.
A full security audit and hardening was undertaken immediately following the breach, and the site remains safe to use. It is important to note that the breach we experienced was the result of a social engineering attack, and not the result of a hack or a breach in the WHMCS software.
We continue to experience a distributed denial of service attack, which has caused disruption to our public facing site. We are in the process of moving to a more expansive infrastructure which should mitigate this type of attack in the future. With this move, we will have a much stronger setup with additional layers of security, and these upgrades to our infrastructure will ultimately mean that our servers, and your data, will be better protected than ever before.
Please be aware, that in order to deliver these security upgrades, we expect some very brief downtime during the migration process. We apologize in advance for any inconvenience this may cause.
While we are all currently focused on security, we would like to take this opportunity to ask everyone to read our Security Guide @ http://go.whmcs.com/22/security
While it would be ideal for all steps to be followed, we recommend that you at least rename (http://go.whmcs.com/23/securityfolder), and apply IP protection (http://go.whmcs.com/24/securityip) and/or password protection (http://go.whmcs.com/25/securityadmin) to the admin directory.
We are continuing to work tirelessly to resume normal service and regain your trust. On behalf of everyone at WHMCS please accept my apologies for the inconvenience and we thank you for your support.