Jinx13

Ah I thought it was due to being an incorrect place to be posting logs so I deleted them as they are in the ticket anyway Off topic... Is https://www.ioncube.com/main.php?c=encode how whmcs files are encoded?

Of course I deleted the logs as I have submitted to support. I changed all my passwords after the first attempt. I will say that they never actually accessed my ACP that I know of (I had .htaccess password already) It seems that they have been accessing my configuration.php via the same method and after searching my access logs for "configuration.php" I seen all the attempts that we're made. I have taken the advice from you and encoded configuration.php. It costs 5 credits 25p GBP but you have to buy a minimum of 100 credits for £5.00 Which doesn't break the bank so that's what I did and it works fine I would probably recommend it to everyone. Thank you for any help it has been passed to the security team

Thank you for the tip, testing the encoded configuration.php now I have a problem looks like every man and his dog are accessing my DB Someone just changed my admin details and I've still not found the entry point Although I found this in my access logs [Deleted logs and moved to ticket] Does anyone know if this could be the issue? Either something in my template or knowledgebase? Thank you

Think I have found it

The under construction page was just a mask over the top till I've sorted this out. I have checked my template files and all seems fine. Even added my template folders on an internal server on my PC. It seems that it is the database as as soon as I uploaded my database to wamp and opened localhost I had the same hacked page. Still scanning through logs to try find where. I have contacted my host to run the code via ssh Thank you for your help

Thank you, I did check the access logs but all I could find was this however I don't think it's anything @WHMCS Chris is that code done via ssh? I checked .htaccess file and also .html files as I don't have many and they seemed fine

Hey, I have just been hacked by LiBeRTADoRS My admin folder is still accessable and my templates folder is not affected. I'm struggling to find how/what/where Does anyone have any tips? Thank you

Thank you for your help I will request a development licence so I can test things out

Hey Currently on Version: 5.1.3 and there is an upgrade. Upon going to downloads I see many versions some are 5.2... But I see So what version do I need and why is this older version the newest? Thank you

Ok seems I figured it. Registrar Commands in client profile and then "register" Is there anyway to automate it a bit more? Something else I noticed is the payment was marked unpaid even though the paypal payment was received. Could this be a reason for me having to manual register? How could I get the invoice to be marked as paid upon payment? Another thing is, is the expiry date supposed to be "00/00/0000"? Thank you

I have just encountered this try going to clients profile Then to "Registrar Commands" underneath nameservers etc Then click transfer and see what happens Worked for me after lots of time trying to figure it out

Hi, I had a customer purchase a domain however the same issue as above is happening. Other domains seem to work fine in demo but .com is being an issue. This latest .com is in a live environment but I am getting this issue still

Hey, I have been testing my site but it seems that .com domains are failing. I get other TLD to work in the resellerclub demo account but when I try with a .com it doesn't get sent. I look in my whmcs and there is an error "Registrar Error Website doesn't exist for xxxtest.com" I know I am missing something but couldn't find out what. I notice that the nameservers are missing and when I try to set them correct then whmcs just says "name server change failed" Thank you

Thank you for the advices One question... My IP changes how could I allow only my IP? Thanks again

Hey, yesterday my someone got access to my ACP. I had a strange email and when I looked I realised it was addressed to 2 x admins. Since I am the only admin I tried to access my ACP and my password had been changed. I accessed my phpmyadmin and changed my password that way and then deleted the rogue admin account. Looking at the logs (which I have lost now) I seen what had happened... Someone had found the location of my ACP (as it is not at http://domain.com/admin) Started a password reset and set-up a new account He then added an order and then marked it as paid. What I am wondering is... 1. How the bleep did he find my admin directory? 2. How did he/she do a password reset on my account What I know is he did not have access to my cpanel He did not have access to my email address He did try a password reset on a msn email account which I received a notification for that is not associated with my whmcs at all. Any steps I can do to protect my account? I have changed my password What is even more confusing is my email address in my admin directory seems to be the same as it was Thank you