Hi
Just seen this post, very funny. I had the exact same problem as this guy. I used whmcs on a reseller account. the server (not mine) got hacked via a script that looked like this :
/shop/ext/msbp.php
/shop/ext/php.ini
/shop/ext/black.htm
/shop/ext/sql.php
in one of their other clients osc sites. I know, not much to go on from a directory structure but hey, that s the host for you! We use several servers and, in turn, they were all compromised! This was an SQL attack that grabbed the WHMCS database ad gained access to details like passwords, etc. It was the SQL database that was the problem NOT WHMCS. Blame SQL, it can be a bit loose, lol!
The lesson is, if you use WHMCS on a shared account you have no control over what other rubbish is run on the server, who uses other accounts for what (IE hacking), etc.
We run our WHMCS on a different server to prevent any server downtime effecting the client support. We are now rethinking our strategy.
I would wholly agree with the above. Ive used WHMCS for 4 years and never been hacked through it!!!!
Xass
