IP, hostname and web directory were logged for users who's license did not appear to be valid to our licensing server. For legit clients, it was never logged in the first place. sBorg source were never uploaded to any servers, so it is still secure.I just want to know if there any other information that the hacker has on the server that he didn't release.
Does the server also record any information about our own private servers? (Aside for ip/hostname and web directory?) Not really talking about support tickets but any tracking info that we don't know about so we can secure better our servers?
Well congratz Somik, you're getting money from the pockets of your clients every month. You're probably rich as shit. But you can't even manage to secure your own website.
I'm happy I never used your script.
I still don't get it
Hoster: Yay, I have started Hosting business But I don't have WHCMS license, and I am a beginner at System Administration.
WJ MOD1: OMG U NOOB ASS. NULLED WHCMS SECURITY VULNERABILITY. :O
PEOPLE PRIVATE INFO REVEALED.
WJ MOD2: SAD SHIT. U NO HAVE MONEY TO BUY WHCMS LICENSE. U ARE UNPROFESSIONAL NOOB.
WJ MMOD3: ZOMG, U NOOB, U NO HAVE KNOWLEDGE. U SHOULDN'T BE ALLOWED TO SELL HOSTING ON WJ.
WJ ADMIN: BAN U. WHCMS LICENSE REQUIRED. SECURITY.
sBorg: Sad, we got hacked. Stored some passwords as plaintext. Revealed a lot of Private Info. But You can always change it, so it's not a big deal.
WJ: Sure man, Private info, no big deal. Shit Happens.
I am sorry, I had to use this conversation to put across my point.