ninak Posted September 8, 2011 Share Posted September 8, 2011 Last night some one tried to log into my WHMC using the username that I tend to use in forums. Thank goodness for the login failure reporting system or I would not have become aware of the situation. Just take a warning from me folks, never use the same username in forums that you would use for your important stuff. (I have the IP saved and will be doing some research) 0 Quote Link to comment Share on other sites More sharing options...
mojahed Posted September 8, 2011 Share Posted September 8, 2011 Last night some one tried to log into my WHMC using the username that I tend to use in forums.Thank goodness for the login failure reporting system or I would not have become aware of the situation. Just take a warning from me folks, never use the same username in forums that you would use for your important stuff. (I have the IP saved and will be doing some research) Plus you should consider to Protect the admin area Directory with a Password 0 Quote Link to comment Share on other sites More sharing options...
easyhosting Posted September 8, 2011 Share Posted September 8, 2011 Last night some one tried to log into my WHMC using the username that I tend to use in forums.Thank goodness for the login failure reporting system or I would not have become aware of the situation. Just take a warning from me folks, never use the same username in forums that you would use for your important stuff. (I have the IP saved and will be doing some research) you can also change the name of the admin folder http://docs.whmcs.com/Further_Security_Steps 0 Quote Link to comment Share on other sites More sharing options...
minadreapta Posted September 13, 2011 Share Posted September 13, 2011 Plus you should consider to Protect the admin area Directory with a Password are you sure this works? is the cronjob going to run anymore if the directory is password protected? 0 Quote Link to comment Share on other sites More sharing options...
Dragonsys Posted September 13, 2011 Share Posted September 13, 2011 are you sure this works? is the cronjob going to run anymore if the directory is password protected? Since the cron job uses the cmd line, and not http, I doubt it would be affected. 0 Quote Link to comment Share on other sites More sharing options...
GORF Posted September 14, 2011 Share Posted September 14, 2011 are you sure this works? is the cronjob going to run anymore if the directory is password protected? Yes it works. Also, I have no problems leaving the admin folder named as-is if it is password protecteded. (I still like to rename it for added protection) 0 Quote Link to comment Share on other sites More sharing options...
bear Posted September 14, 2011 Share Posted September 14, 2011 I have no problems leaving the admin folder named as-is if it is password protecteded. If you're using basic http auth password protection, that can occasionally just fail to prompt or disappear entirely. *Not* to be relied on for anything important. 0 Quote Link to comment Share on other sites More sharing options...
GORF Posted September 14, 2011 Share Posted September 14, 2011 If you're using basic http auth password protection, that can occasionally just fail to prompt or disappear entirely. *Not* to be relied on for anything important. Correct. Sorry, I should have elaborated to use Digest auth. 0 Quote Link to comment Share on other sites More sharing options...
VicToMeyeZR Posted September 14, 2011 Share Posted September 14, 2011 I use an htaccess IP specific allow only on the admin area. 0 Quote Link to comment Share on other sites More sharing options...
GORF Posted September 16, 2011 Share Posted September 16, 2011 I use an htaccess IP specific allow only on the admin area. That works well for those not on the move 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.