backup-uk Posted March 9, 2012 Share Posted March 9, 2012 Hi, I had an older version of WHMCS running and stupidly did not apply any security patches. Unfortunately my account was comprimised. I immediately removed the installation of WHMCS, installed a new later version as a "Knee jerk reaction" I still have my old SQL Database there with all the client details etc, is there a way of importing this into the new database, or even pointing the new installation of WHMCS to look at the old database, I guess there will be different tables though. Any help greatly appreciated, instead of manually trying to do this. 0 Quote Link to comment Share on other sites More sharing options...
tripler Posted March 9, 2012 Share Posted March 9, 2012 Install that security patch and you will be secure enough to continue with your previous version so you can at least get your support and clients back online. http://forum.whmcs.com/showthread.php?t=43462 Before you install it though go through templates_c and clear it out.. look for b0x.php red.php and whatever else they named their uploader scripts whmcs is not the big problem right now, your server could be compromised. Look in your database admin table and make sure they didnt create a account, look through your ftp accounts etc. and whatever other suggestions are in: http://forum.whmcs.com/showthread.php?t=44066 If you had backups then you maybe could roll back enough to before the hack and patch it, clear any exploit. 0 Quote Link to comment Share on other sites More sharing options...
backup-uk Posted March 9, 2012 Author Share Posted March 9, 2012 I have already removed the previous installation. I know was too quick, was just worried about being compromised. I now have a new installed version with an empty database, and and old database for the previous version. Is it possible to do anything with this? 0 Quote Link to comment Share on other sites More sharing options...
tripler Posted March 9, 2012 Share Posted March 9, 2012 I would roll back to your version you were using and reconnect the db, until you can look at the version and change log of migrating to whatever newer version. 0 Quote Link to comment Share on other sites More sharing options...
laszlof Posted March 9, 2012 Share Posted March 9, 2012 Did you save the original configurations.php? Without it, you will not be able to decrypt any of the credit cards in the system. 0 Quote Link to comment Share on other sites More sharing options...
zomex Posted March 9, 2012 Share Posted March 9, 2012 As others have mentioned you should be OK with the previous installation but keep in mind that even after the patch is installed it's likely that the hacker created/uploaded a lot of dodge files you'll need to remove. Some of the common names I've seen are: red.php 00.php whmcs.php indexx.php Jack 0 Quote Link to comment Share on other sites More sharing options...
tripler Posted March 9, 2012 Share Posted March 9, 2012 ^ dont just search for anything in your whmcs dir, search your entire file sys and look at file modification dates from the attack. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.