During the last months, there has been a hacking attempt by someone (probably Indonesian, male) on our hosting management app. We are using WHMCS and looks like on version 4 it has some security holes. SQL Injection Vulnerability as explained well in this blog. It’s very easy to find WHMCS system in the wild. Googling something like “Powered by WHMCompleteSolution” will do.
Our master cPanel password was changed but we learn from the log that this guy never logged in. Probably because the injection only changed the password, not be able to show it to him. We upgraded the WHMCS to version 5 which is secured from SQL injection. But all the member password must be reset due to incompability upgrader from WHMCS team.
After zooming the log files, we can safely say that the guy didn’t do any damage. Moral of the story: Don’t leave an unupgraded software for too long.
It looks great but we’re having a hard time figuring out the best way to install this
Here in Stucel, we use email and instant message extensively to communicate with clients and colleagues. By working virtually i.e not face to face, clear communication is the most important thing to get it right. We all know, it’s a different thing to explain something through written if compared to live meet up. For on site meeting, body language, face expression, and voice tone will help. If sloppy, we could have been write something “offensive” to certain people in email. Especially with people who cash us to work on their project. Continue reading →
Back in February 2010, we discretly offering hosting service for clients wo were contacting us for web design / logo projects. For months, we set up Stucel Hosting to be more automatic. Now the launch day finally arrived, it’s ready to accept hosting (and domain) registration order more automatic than ever.
To add a little fun, we run an affiliate program and promotion code. Please make sure to use coupon code BIRTHDAY to get 20% discount on your first hosting payment.