Keep Getting Hacked

[rke211]

Right im wondering if anyone else has this problem so i have the most uptodate version of whmcs installed and i go on every so often and its been hacked my username has been changed to root and there on my account ordering stuff thankfully i dont tend to keep money in the domain register for this reason....

 

So i even have a cpanel password over the admin folder which which i changed the name of and there still getting in any ideas?

 

Id really like to stop this...

[laszlof]

You should figure out the entry point first, I doubt its WHMCS. If you're not capable of finding this out, you should hire someone who is.

[m8internet]

If you are setting the password locally, then it most likely an intrusion on that local computer or exception on the host

 

Have any other passwords that you use changed?

If not, then it is the host

If they have then it is the local computer

 

Check your WHMCS installation that there is only one administrator, yourself

If there are others, then disable them

[zomex]

I agree with Frank, it's highly unlikely to be WHMCS especially if you're running the latest version.

 

Are you using shared hosting?

[Pipert]

Right im wondering if anyone else has this problem so i have the most uptodate version of whmcs installed and i go on every so often and its been hacked my username has been changed to root and there on my account ordering stuff thankfully i dont tend to keep money in the domain register for this reason....

 

So i even have a cpanel password over the admin folder which which i changed the name of and there still getting in any ideas?

 

Id really like to stop this...

 

I've never had this issue using WHMCS. If you have SSH access on the server, you might want to check the Apache logs to see if you can catch the culprit.

 

Are you running any other scripts on the same hosting account?

[rke211]

shh access was disabled as this was also my first guess at what it would be

 

and whmcs seems the most likely path in as when i put a cpanel password over the admin folder it stopped for a couple of days till my configuration.php file ended up being empty and i re-uploaded the admin folder to the default directory

 

im waiting to see if it happens again but atm it seems to be fine

[mikie]

shh access was disabled as this was also my first guess at what it would be

 

and whmcs seems the most likely path in as when i put a cpanel password over the admin folder it stopped for a couple of days till my configuration.php file ended up being empty and i re-uploaded the admin folder to the default directory

 

im waiting to see if it happens again but atm it seems to be fine

 

Why is your admin folder called admin anyway? Did you read the documentation that the admin folder, for security reasons, should be moved/renamed to something OTHER THAN /admin?

 

Why dont you read up on the section in the documentation under SECURITY???

[rke211]

it was renamed but when i updated it i accidently uploaded the admin folder again without realising

 

im not that stupid to leave it as admin

[othellotech]

It sounds like either the server or your local machine are compromised.

Format them both and start again.

[rke211]

its definetly not my machine as it happened once without me even loging in as another administrator fixed it

 

and after changing the folder and adding a cpanel password it hasnt seemed to happen again so this is why i would think it is whmcs...

 

if it had happened again that might make me think otherwise

[ckh]

It doesn't always happen right away. It could be the same day or a week later if you have some sort of keylogger installed on your computer. Most of the time when a client's account is compromised, it's due to a keylogger.

 

The client always insists that it isn't their computer but it's the server. They all eventually will find something on their computer.