Jump to content

database question


Recommended Posts

I was receiving 2 backups of my database through email both different sizes. I do not have WHMCS or my main domain any where else only on my IP.


I removed all cron jobs from my account but emails to OLD customers who have been deleted from WHMC are still getting about over due invoices and now I'm still getting 1 database emailed to me every night. it is the wrong database. I looked inside of it and it is being kept undated daily it looks like and has all the OLD clients still in it.


When I download my database and look inside of it all the old clients are not in that database.


Now before I installed the patch someone did get into my WHMCS.


So now my question is................ Which the wrong database being sent to me every night is there a way I can look inside of it and see where it is coming from. I mean what IP? Then if so can I block that IP some how so it can't do what ever it is doing.


I'm now getting emails from old clients who are getting upset about the reminder invoices they are receiving even though they are no longer on the service.


I do have a trouble ticket with WHMCS but as of now no help they are trying I think but they keep saying I have my stuff installed on another server which I closed up back in NOV. and deleted everything. (I still have access to that server and went and looked again and nothing is there) But this problem just started right after Christmas also.




Link to comment
Share on other sites

That's what it sounds like to me also. It's possible the DB and cron didn't get removed, or a recent server restore by this company put things back. Maybe.


Since these are arriving via email, the headers should show what server they're coming from. have you checked those, comparing them side by side?


Now before I installed the patch someone did get into my WHMCS.

Potentially, they have this set up on another server...

Link to comment
Share on other sites

I use Eudora also. :)

Double click the message so you're seeing it in it's own pane and not the preview. Look for the "blah blah blah" icon...




You first need to determine if it's what's happening. Then you need to figure out where it's being hosted (if so). Then you might consider contacting the DC that hosts them and explain. Be sure.

Link to comment
Share on other sites

Thanks I did this and i see 2 different "Received: from lines" 1 is my IP and the other is not. I looked at last emails (Before this problem started) and only see 1 "Received: from line" with my IP.


Looks like that second IP is from the same DC I use so I just shot them off an email explaining my problem and I'll what they say.


Thanks for all your help so far.


Link to comment
Share on other sites

Ok long story I will try to make short and hope it was the problem.


A week before Christmas I had a bad server crash lost OS and a few other thing.

The DC was very very helpful and did a lot more for me then I was paying for.


What they ended up having to do was move all clients to a temporary IP and then

rebuild my server and then move all clients back. They did have a hell of a time

getting them all moved off the old serer but finally got the job done.


Anyway so I emailed them to see if they removed my domain info off the other server

yet. (I haven't heard back yet)


So I tried out of the blue to SSH into that other IP that was listed under my account

info and it let me in. So I went to the cron job first crontab -c sure enough there was one

there so I removed it. Then I removed my directory I used for WHMCS.


Now that I think about it I should go in and remove the database. Really do not know how

to do that but maybe google will tell me.


Anyway I'm sure that was the problem and I'm hoping so. I still not going to add back the cron

jobs for tonight just to make sure and tomorrow I would have NO emails and either should old



Does the above sound like it could have been the problem?




Link to comment
Share on other sites

I really want to thank you near I would have never ever thought to check the headers on the email to look for something out of place.


I also heard back from my DC and they said YES that was the IP they used to move all my accounts to while the rebuilt the other server and said they have now deleted all info from it.


Again thanks a lot Now I need to close the trouble ticket with WHMCS.



Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated