whmcs follow up whmcs被黑后续跟进

whmcs官方账号强制用户重置密码 https://www.whmcs.com/members/pwreset.php ,即使在whmcs被黑后重置过。
whmcs官方建议的whmcs安全设置 http://go.whmcs.com/22/security
whmcs官方建议:
1 重命名admin文件夹
2 基本配置whmcs安全设置
3 whmcs建议用密码或身份验证以保护admin文件夹的安全。

  1. Dear Customer,
  2.  
  3. This is a follow up to the Urgent Security Alert email sent earlier this week. As you will be aware from that, we were the victim of a malicious attack which has resulted in our server being accessed, and our database being compromised.
  4.  
  5. As a security precaution, we are expiring all passwords for our client area. In order to restore access to your account, please visit the following url to reset your password:
  6. https://www.whmcs.com/members/pwreset.php
  7.  
  8. We have restored all essential services except for our forums, and resumed normal operations as quickly as possible in order to keep licensing and support channels open. We are still actively working to restore the forums, and we expect them to return to operation soon.
  9.  
  10. A full security audit and hardening was undertaken immediately following the breach, and the site remains safe to use. It is important to note that the breach we experienced was the result of a social engineering attack, and not the result of a hack or a breach in the WHMCS software.
  11.  
  12. We continue to experience a distributed denial of service attack, which has caused disruption to our public facing site. We are in the process of moving to a more expansive infrastructure which should mitigate this type of attack in the future. With this move, we will have a much stronger setup with additional layers of security, and these upgrades to our infrastructure will ultimately mean that our servers, and your data, will be better protected than ever before.
  13.  
  14. Please be aware, that in order to deliver these security upgrades, we expect some very brief downtime during the migration process. We apologize in advance for any inconvenience this may cause.
  15.  
  16. While we are all currently focused on security, we would like to take this opportunity to ask everyone to read our Security Guide @ http://go.whmcs.com/22/security
  17.  
  18. While it would be ideal for all steps to be followed, we recommend that you at least rename (http://go.whmcs.com/23/securityfolder), and apply IP protection (http://go.whmcs.com/24/securityip) and/or password protection (http://go.whmcs.com/25/securityadmin) to the admin directory.
  19.  
  20. We are continuing to work tirelessly to resume normal service and regain your trust. On behalf of everyone at WHMCS please accept my apologies for the inconvenience and we thank you for your support.
  21.  
  22. ----
  23. Matt
  24. WHMCS Limited
  25. www.whmcs.com

whmcs被黑

whmcs被黑,信用卡及用户信息得小心了!
whmcs官方表示并非whmcs本身的问题,我建议立即更改whmcs站点上的密码,用信用卡购买的用户如果带有“锁定无卡交易”的功能,建议立即开启。
paypal应该不会受到牵连,因为商家无法查看用户的paypal账户信息。

  1. Urgent Security Alert - Please Do Not Ignore
  2.  
  3. Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.
  4.  
  5. To clarify, this was no hack of the WHMCS software itself, nor a hack of our server.  It was through social engineering that the login details were obtained.
  6.  
  7. As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately.
  8. Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.
  9.  
  10. This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.
  11.  
  12. We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.
  13.  
  14. ----
  15. WHMCS Limited
  16. www.whmcs.com

谴责360buy.com的垃圾行为

网站定价:799元 状态为:无货
隔天显示有货;
马上下订单,系统也接受了这个订单,发邮件表示正在配货;
商品页面显示为:无货
隔天提示不支持配送的地区;
再往后面一天: 商品页面显示:有货, 价格为:940元

忘记抓图,登陆会员中心,该订单已经被京东删除,退款流程也未告知用户.

放弃360,购物只选择亚马逊amazon.cn与易迅icson.com

京东360buy.com的垃圾行为不止一次在网上被批评,让我觉得垃圾到家,客服连个电话都没来!

银牌用户 修改头像
账户积分:178
账户余额:¥0.00
完成订单:13个
年内消费:¥6,417.00
总消费额:¥8,486.00
只需要再消费¥3,583.00元就可升级到下一级别会员

再说一次, 垃圾的京东商城 360buy.com !

收藏_FTP参数解释

CWD – change working directory 更改目录
DELE – delete a remote file 删除文件
LIST – list remote files 列目录
MKD – make a remote directory 新建文件夹
NLST – name list of remote directory
PWD – print working directory 显示当前工作目录
RETR – retrieve a remote file 下载文件
RMD – remove a remote directory 删除目录
RNFR – rename from 重命名
RNTO – rename to 重命名
STOR – store a file on the remote host 上传文件
ABOR – abort a file transfer 取消文件传输
CWD – change working directory 更改目录
DELE – delete a remote file 删除文件
LIST – list remote files 列目录
MDTM – return the modification time of a file 返回文件的更新时间
MKD – make a remote directory 新建文件夹
NLST – name list of remote directory
PASS – send password
PASV – enter passive mode
PORT – open a data port 打开一个传输端口
PWD – print working directory 显示当前工作目录
QUIT – terminate the connection 退出
RETR – retrieve a remote file 下载文件
RMD – remove a remote directory
RNFR – rename from # RNTO – rename to
SITE – site-specific commands
SIZE – return the size of a file 返回文件大小
STOR – store a file on the remote host 上传文件
TYPE – set transfer type 设置传输类型
USER – send username 发送用户名

pchome.net有病毒

如今的网站真的很无语,连pchome这种大型的站点都会有带病毒的文件,没有一个规范来严格要求这些网站,难怪病毒满天飞了。
做个广告,下载文件要去
绿盟 xdowns.com
多特 duote.com
用了有几年了,在这两个网站里面还没有发现带病毒的文件,当然 注册机破解补丁除外。
pchome.net带病毒网址:
http://download.pchome.net/game/tools/detail-83588.html
pchome.net带病毒