phpMyAdmin hacked

[MACscr]

MACscr

 

 

I have the log file .. where the hacker .. first hack my Email

then he just click on forget password .. and log in WHMCS as admin

and then he hacked 25 servers .. plus enom and directI

 

I have the log file ..

 

I know the first step was my Email .. but it's that easy if some body access my Email .. he will hack 25 servers plus two domain reseller accounts .. only coz WHMCS?

 

what I am trying to think of .. we should put more protection in server managements plus the way we can access it from WHMCS .. this is all what I am asking ..

 

So, why we don't add more features .. even if your email hacked ..

 

somthing else needed to hack your 25 servers .. and your domain reseller accounts ..

 

a new layer of protection

 

I do agree there is no 100% preotections .. but as many protection we have as good we are

 

Like what? All your issues are because other services have been hacked. Not WHMCS. Thanks for proving my point. =)

 

If you give someone access to your WHMCS install (which you did when they "hacked" your email), there is no way to protect against that IMHO. I do though believe that passwords should never be able to be viewed in plain text besides in emails, and thats only on creation of those emails/passwords. Which means that even as admin, we should never be able to view a users password or even our servers passwords, they should always be encrypted. Email Logs should never have stored passwords as well. We should never have the ability to view password, only verify or reset.

[Matt]

Alfahmad, your email was hacked, not WHMCS. They got access to your WHMCS system via a password sent to your email. No hacking involved there. There's nothing we can do in WHMCS to prevent access when they have your password! Maybe you should consider blocking access to any IPs other than your own in your WHMCS admin folder.

 

Thread Locked.

 

Matt