Jump to content

Search the Community

Showing results for tags 'hacking'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


WHMCS.Community

  • The latest WHMCS Release
    • WHMCS 8.2 Release Discussion Board
  • WHMCS Beta Program
    • WHMCS Mobile App Technical Preview Feedback
  • The Latest from the WHMCS Team
    • News, Announcements & Blogs from WHMCS
  • WHMCS.Community
    • Community Announcements
    • Introduce Yourself
  • Using WHMCS
    • Pre-Sales Questions
    • Admin & Configuration Questions
    • Installation, Upgrade, and Import Support
    • Using WHMCS
    • Troubleshooting Issues
    • Vendor Discussions
  • WHMCS Showcase
    • Showcase Your Site
    • Share Your Best Practices & Tips
  • Developing & Extending WHMCS
    • Third Party Add-ons
    • Service Offers & Requests
    • Developer Corner
    • Building Modules
    • Share Ideas for WHMCS Modules
  • Community Competitions
    • Competitions
  • General Discussions
    • General Discussion
  • General Feedback & Assistance
    • Feedback
    • WHMCS.Community Tips & Tricks
  • Third Party Developers's Topics
  • Turkish International Discussions's Topics
  • Russian International Discussions's Topics
  • Spanish International Discussions's Topics
  • Portuguese International Discussions's Topics
  • French International Discussions's Topics
  • Italian International Discussions's Topics
  • German International Discussions's Topics
  • WHMCS Brasil's Topics
  • WHMCS Brasil's Tópicos
  • ModulesGarden Club's Topics
  • Hungarian International Discussions's Segítség
  • ThemeMetro Club's Topics
  • WHMCS Services Club's Topics
  • SwiftModders Club's Topics
  • WHMCS Global Services Club's Topics
  • Katamaze's Free Scripts
  • Katamaze's Modules
  • Zomex Club's Topics
  • 0100Dev Club's Topics

WHMCS Version

  • V8.2.x Hotfixes
  • V8.1.x Hotfixes
  • V8.0.x Hotfixes
  • V7.10.x Hotfixes
  • V7.9.x Hotfixes

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 4 results

  1. Hello everyone! The following occurs. User registers the following information in a Pending Order. Then I'll receive the following Email:
  2. Hi First let me say if this is posted in the wrong location , please advice me of the correct thread and I will repost the topic.. I'm new to whmcs, my problem is I have been getting lot's of bogus accounts being made since last night, as soon as I remove / delete the account and block the IP another one or two is created.. I have my settings set to purchased must be completed before a new membership can be made. How can I prevent new accounts from being made? They are using emails and usernames such as Email Address: whmcs0day@gmail.com Password: whmcs0day@gmail.com Also user-names such as 404/403 I read as much as I could about this and learned it's some kind of man in the middle? Trying dump my account holders CC information? Can someone please tell me the steps or point me in the correct direction to prevent this 0-day attack crap. I really need to prevent this and protect my clients data Thanks for any help in advance Fish911
  3. I noticed a problem over recent weeks that has become much much more worrisome in recent days with lots of spammy registered users at my site. Most of these spammy email addresses are not actually TLDs, such as the email address jhvgyr65ytghv@mmmmmm.mmm that was recently registered today. How did that email address get past WHMCS validation?? Is there somethign wrong with my WHMCS setup? Why is an email address at mmmmmm.mmm allowed to be registered? It should fail on validation, correct?
  4. Hello, Due to recent hacks going around with whmcs, i wanted to investigate further and see if there was anything else that could be done to prevent getting hacked. I have easily found some information on the internet on how we were hacked by recent exploits in whmcs versions 5.2.3 and above. With sql injections its all easily done. We are now using two factor auth, and also following setups in this document to further secure the whmcs installation which will help. If you have not done so already i suggest you get it done a.s.a.p http://docs.whmcs.com/Further_Security_Steps I have found something that needs attention immediately, many attackers use google to search for sites to exploit using the inurl command, doing a search like this. whmcs inurl:clientarea.php will give plently of results and potential people to hack. One easy thing to do that i really cant believe has not been done or should at least be an option is to protect all whmcs files for being indexed, i mean if you cant find them in the first place then it is much harder to exploit in the first place ? <meta name="robots" content="noindex"> In the header template file will allow this feature to not show up on any Google result at all, no matter if its linked from external sites. Some people like to SEO Whmcs ? why i ask, its your billing system and probably the dumbest thing you can do especially since we all know its not exactly secure. If you want to SEO, use your blog or your main website to do the marketing your portal should be as protected and hidden as possible for your clients ONLY. It would be good to see this new option maybe in the GENERAL OPTIONS, SECURITY TAB in Whmcs. If anyone else has anything that can help with securing whmcs in general please share. EDIT: I also just found this option within WHMCS GENERAL SETTINGS -> OTHER TAB that should be unchecked. Tick this box to allow registration without ordering any products/services The most recent vulnerability in 5.2.10 allows someone that has access to the clientarea.php to use an SQL injection. By unchecking this basically means they will need to purchase something before becoming a client. Cheers Mitch
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated