Speedy059
Posted April 29, 2011

We just found out that our WHMCS keeps on getting hacked by someone who is logging into our WHMCS with one of the logins. We have tried changing passwords and everything, but to no avail; this person can log in like it's nothing. There are no failed attempts.

This person keeps logging in and changing our payment gateways over to his so he can collect our invoice payments. We can't figure out how they are doing it.

Question is, is there a setting in WHMCS to only allow certain IPs access to the administrator area?

zomex
Posted April 29, 2011

What else is on your account other than WHMCS? If this person is able to continue to gain access he must be able to gain access via a certain exploit/file.

Are you running the latest version of WHMCS and any other software you may be using?

Jack

FlexiHost
Posted April 29, 2011

Try changing your MySQL passwords as well.

Speedy059 (Author)
Posted April 29, 2011

> Try changing your MySQL passwords as well.

Already have. Changed the root MySQL PW, and the database username and password. I don't think they gained access by knowing those passwords; they are incredibly hard and consist of random numbers, letters, and symbols.

Right now it looks like he didn't do much other than try to change the payment gateways. Looking through the logs, he didn't look at anything else. Guess we got lucky on this, but still quite alarming that it could/may happen again.

sohouk
Posted April 29, 2011

If they are getting in using your normal Admin login, then limit access to the WHMCS/Admin folder to your specific IP addresses using .htaccess in your admin folder.

    order deny,allow
    deny from all
    allow from 888.888.888.888
    allow from 999.999.999.999
    allow from 000.000.000.000

etc.

If it's access direct to the MySQL then check the logs, and see if there are any access IPs that can be blocked.

Trevor

easyhosting
Posted April 29, 2011

Change your WHMCS admin folder to something other than http://www.mydomain.com/whmcs/admin

http://wiki.whmcs.com/Further_Security_Steps

Speedy059 (Author)
Posted April 29, 2011

We were going to password protect the admin area with .htaccess, however I wasn't sure what kind of effects this would have on the client portals. Would anything stop working if we did this? Does the client area not interact with the admin folder whatsoever?

Changing the admin folder was done already to something more annoyingly complex.

Edited April 29, 2011 by Speedy059

bear
Posted April 29, 2011

> We just found out that our WHMCS keeps on getting hacked by someone who is logging into our WHMCS with one of the logins.

Are you certain it's one of the logins and not via the DB (a shell script can access quite a lot of things)? If so, have you made sure there are no keyloggers installed on any system that might be logging in there? What else is hosted on the same server? Clients? WordPress? Anything apart from WHMCS?

> Question is, is there a setting in WHMCS to only allow certain IPs access to the administrator area?

The .htaccess method given is about the best. Limit access to certain IPs, and if they still get in (and the htaccess is unedited after), it's unlikely to be WHMCS, and more likely the DB.

othellotech
Posted April 30, 2011

If you're seeing changes being made in the WHMCS activity log, then look at the admin log for details of the IPs being used - start by banning those from your server(s) and reporting the abuse.

Change *ALL* your passwords for everything - internal and external systems - yes, that includes hotcrud or gunkmail or whatever else you use.

Alter the directory the admin site is in, .htaccess/htpasswd protect it, and *THOROUGHLY* check your server for exploits and nasties.

Unplug all the keyloggers on your hardware and get rid of the malware and viruses.

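The check suggested in the replies above (restrict the admin area to known IPs, then look at the logs to see whether anyone else still gets in) can be run against the web server's access log. This is an added example, not code from any poster or from WHMCS; it assumes Apache's combined log format and the /whmcs/admin/ path, and the allowlist addresses, page names and log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the thread): admin area under /whmcs/admin/ and an
# allowlist of documentation-range addresses standing in for the office IPs.
ADMIN_PREFIX = "/whmcs/admin/"
ALLOWED = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/28")]

# Leading fields of an Apache "combined" log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = """\
203.0.113.10 - - [29/Apr/2011:09:12:01 +0000] "POST /whmcs/admin/index.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.77 - - [29/Apr/2011:09:40:15 +0000] "GET /whmcs/admin/index.php HTTP/1.1" 403 210 "-" "Mozilla/5.0"
192.0.2.77 - - [29/Apr/2011:09:41:02 +0000] "GET /whmcs/admin/settings.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.5 - - [29/Apr/2011:10:02:44 +0000] "GET /whmcs/clientarea.php HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
not a log line
"""


def is_allowed(ip_text):
    """True if the client address falls inside one of the allowlisted networks."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable client field: treat as not allowlisted
    return any(ip in net for net in ALLOWED)


def audit(log_text):
    """Split admin-area requests from non-allowlisted IPs into (denied, served)."""
    denied, served = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(ADMIN_PREFIX):
            continue  # malformed line, or a request outside the admin area
        if is_allowed(m["ip"]):
            continue
        hit = (m["ip"], m["ts"], m["path"], int(m["status"]))
        # 403 means the .htaccess rule did its job; anything else was let through.
        (denied if hit[3] == 403 else served).append(hit)
    return denied, served
```

An empty `served` list after the restriction goes live, while gateway settings still change, points away from the admin login and toward the database or another file on the server, as bear suggests.
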
ckh
Posted April 30, 2011

> We just found out that our WHMCS keeps on getting hacked by someone who is logging into our WHMCS with one of the logins. We have tried changing passwords and everything, but to no avail; this person can log in like it's nothing. There are no failed attempts.
>
> This person keeps logging in and changing our payment gateways over to his so he can collect our invoice payments. We can't figure out how they are doing it.
>
> Question is, is there a setting in WHMCS to only allow certain IPs access to the administrator area?

Do a comprehensive virus scan on your computers used to access WHMCS. Try to pin down whose login is being compromised. I've seen this a lot with cPanel/WHM passwords being compromised: the client has a keylogger installed on their computer, and changing the password works only as long as the client next logs in again.

sparky
Posted April 30, 2011

> hotcrud or gunkmail

I love that terminology
