baffinsabino

I am PMing rarija with my addons to see if any are the same as theirs. I also feel like it reflects poorly on WHMCS when highly rated modules (didn't install anything else) are causing issues. Not sure what the solution is, but it'll be a while before we want to try modules again knowing that we're basically handing our customers to each and every module developer.

It's super frustrating and we're feeling the consequences months later. Our ssl certs just failed to renew and it seems to be because Google was telling comodo we have malicious content (even though it was all cleaned months ago). It's a nightmare. Our modules were from the WHMCS marketplace, so looks like we'll have to avoid that in future.

We had to totally nuke the WHMCS install. Fresh download from trusted source and start from scratch. Imported database over via sql. Did you have any addons/plugins/modules? We had a few themes and domain registrar plugin. We haven't reinstalled these and so far there's not been any further phishing. Changing passwords and even two factor auth didn't help, so we think it had to be a plugin.

WHMCS appears to store all our customer cPanel passwords in a retreivable way (basically plaintext), because it shows that to us as an admin user. This seems very insecure. All of our customer cpanel accounts (that were purchased through WHMCS) have just been compromised and had phising pages/email take over them. Accounts that didn't use WHMCS (created manually for example) weren't compromised. How can this be prevented in future? Where are the passwords stored and how can we ensure this is secure? Are they accessible by plugins? Obvious first steps: Secure admin account(s) with secure password (unique, random, long), Reset cPanel accounts to something secure (unique, random, long), Don't store passwords in WHMCS (customer cpanel login seems to work fine without it).