Anyone else had their WHMCS Google gateway hacked?

If you're seeing hacking going on in WHMCS, I recommend reporting to WHMCS immediately. You'll receive better responses and communication through their forums also.
 
Agreed with the above, you definitely need to report this to WHMCS ASAP. If it is actually a hack, then this'll probably need to be patched by them as soon as possible, before many other clients' billing systems are at risk.
 
If it was a new WHMCS exploit you would see a lot of hosts being hit with it, before it gets widely known and patched. More likely it is something old and overlooked by the OP, like the well-known boleto module vulnerability.
 
We have decided in the best interest of any WHMCS v5.0.3 user to re-post this information.

On 11/30/12 while using our WHMCS v5.03 we had to stop using our Google Checkout payment gateway as someone from a Turkey IP: 78.161.20.35 and Host: 78.161.20.35.dynamic.ttnet.com.tr hacked through our WHMCS and faked a payment of $97.95 from Google Checkout / Wallet.

Another WHMCS user has confirmed that this is indeed an issue. They had someone add funds via Google Checkout / Wallet and then apply the funds to their purchased service. The payment posts to WHMCS and all is green except that the transaction is fake and doesn't show in Wallet. Luckily we verify all orders/transactions.

I have contacted Matt at WHMCS but have not yet been contacted. Should you like more detailed information please PM me.

Regards.
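
The verification the poster describes, checking every payment the billing system marked as paid against the processor's own records, can be scripted. This is an added example, not part of the thread and not WHMCS code; the CSV layouts, column names and transaction ids are constructed assumptions, not real export formats.

```python
import csv
import io
from decimal import Decimal

# Constructed sample exports. Column names are assumptions for illustration.
BILLING_CSV = """invoice_id,gateway,transaction_id,amount
1001,googlecheckout,GC-1111,25.00
1002,googlecheckout,GC-2222,97.95
1003,googlecheckout,GC-3333,15.00
1004,paypal,PP-9999,40.00
1005,googlecheckout,GC-1111,25.00
"""
PROCESSOR_CSV = """transaction_id,amount,state
GC-1111,25.00,CHARGED
GC-3333,10.00,CHARGED
GC-5555,12.00,CANCELLED
"""


def load(text):
    """Parse a CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(billing_rows, processor_rows, gateway="googlecheckout"):
    """Flag payments recorded as paid that the processor report does not back up."""
    charged = {r["transaction_id"]: Decimal(r["amount"])
               for r in processor_rows if r["state"] == "CHARGED"}
    seen, findings = set(), []
    for row in billing_rows:
        if row["gateway"] != gateway:
            continue
        inv, txid = row["invoice_id"], row["transaction_id"]
        if txid in seen:
            # One processor transaction must not pay two invoices.
            findings.append((inv, txid, "transaction id reused"))
            continue
        seen.add(txid)
        if txid not in charged:
            # Marked paid locally, but the processor never charged it.
            findings.append((inv, txid, "not in processor report"))
        elif charged[txid] != Decimal(row["amount"]):
            findings.append((inv, txid, "amount mismatch"))
    return findings


if __name__ == "__main__":
    for finding in reconcile(load(BILLING_CSV), load(PROCESSOR_CSV)):
        print(finding)
```

Any finding should hold the order for manual review before the service is provisioned or credit is applied.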
 
WHMCS v5.0.3 is old
WHMCS Version: 5.1.2 is the current version

Understood, but when we upgraded our sister site to v5.1.2 it had so many bugs we decided to not upgrade everywhere until they got it all sorted out. And we are not the only ones to not upgrade, we hear.

Thanks for the post.
 
WHMCS has identified the cause of the problem and is currently testing a solution to it. As soon as that's complete they'll be releasing an update, which they expect to be within the next 12-18 hours. In the meantime, simply disabling the Google Checkout module, or deleting the callback file from the /modules/gateways/callback/googlecheckout.php location, will protect you against this and ensure you aren't at risk.

Regards.
 
Hello,

We received a reply from WHMCS this AM and understand the WHMCS Google Payment Gateway Addon hack has affected all versions of WHMCS.

=================================
Please read Matt's reply below:

"I'm pleased to advise that a patch is now available for this. The full details can be found @ http://forum.whmcs.com/showthread.php?64778

The Google Checkout issue I can confirm does affect all versions.

Any problems or questions, please let me know.

Regards,

Matt"
 
It wasn't really made clear in the security alert email if the Google Checkout issue affects 5.0.3, so I emailed WHMCS to clarify.

"Hello

Yes, 5.0.3 is affected also; however, with 5.0.3 you can simply apply the 5.1 modules/gateways/callback/googlecheckout.php. You don't need to apply the dbconnect from 5.1 (this will stop your install working).

If you have any further questions, just let us know.

Regards"
 
Looks good, thanks for the update! I saw the security alert come in from WHMCS last night and while the issue didn't affect us directly, it's nice to see it all got resolved.

Thanks for the update here on the forums!
 
We are personally letting everyone know: if you had any kind of [SQL Injection] attack before applying the latest security patch issued from WHMCS, you were at risk in other areas of your WHMCS application, so be aware and thoroughly check your application data!

Regards.
 
In which case, upgrading to the latest version of WHMCS may patch this issue.
 
Hello Criot,

Maybe you're just looking to add points for posting or not, but if you took the time to read the entire posting you would understand what you posted is definitely not true. We have made it very clear that all users of WHMCS were at risk of [SQL Injection] and data manipulation until installing the security patch recently if you were a user of the Google Checkout/Wallet Payment Addon of WHMCS.

Regards.
 
Not at all. I said 'may' on the basis that most of the time these sorts of issues can be caused by not running the most recent, up-to-date software; I said 'may' implying that I wasn't definitely sure whether this was the issue or not. Either way, upgrading would definitely be a good idea.
 