Security question - admin login

[cc_M]

Hi guys I am new to WHMCS and have a security question for you.

 

Within the last week I have setup my whmcs in a directory on my main domain. I have followed all the security recommendations in the documentation. Have not yet set .htaccess in my renamed admin folder.

 

I currently have no live links to my billing area, as I am still modifying the template. However I am already getting Admin login attempts from Japan and the US - about 10 in total in 2 days.

 

Is this something that you would expect to see so quickly? And does it mean they have found the renamed admin folder? I have by the way changed all passwords and the admin folder name again.

 

Any advice would be sincerely appreciated. And by the way I am already a huge fan of this software

[bear]

Is the new name easily guessed? Changing it to something like "administration" wouldn't help much in disguising it. I'd named mine to something far more unique, and haven't seen any to speak of in all the time I've been running this (though I still believe it should not be included in cron emails).

[cc_M]

Hi Bear,

 

No the folder name is just a bunch of jumbled letters. I will try the IP restriction on the admin folder and see how it goes. Still have a couple of attempts after the last name change. I guess there must be another vulnerability somewhere in my setup. Thanks, glad to know this isn't a common thing.

[bear]

If they're guessing the random admin folder, something more may be going on, as you suspect. As for it being common, it simply hasn't been happening to me. It might be more common for others, but I haven't read many discussing it.

[cc_M]

mm back to the drawing board. thanks for your time bear, appreciate it!