Hacked

[gorip96]

Today my WHMCS got hacked

 

I've got an email about admin failed login attempt, and a few moment later, got another email that the hacker made a product order

 

When I tried to login, the password has changed, and when I try to do a forgot password, the email is also changed

 

I don't know how he can hook into the system, but it leaves me one big question

 

Is WHMCS system secure ? And if it's not, how to make it secure ?

 

I've managed to get my account back, but still a bit paranoid that it would happen again

[openmind]

The system is secure but you would be better off looking at the server logs to ascertain how the hacker gained access to your server.

[gorip96]

I think this is where it all start :

 

41.201.172.62 - - [07/Aug/2012:06:20:11 +0000] "GET / HTTP/1.1" 200 6767 "http://wafa2.com/vb2/yb/whmcs_killer.php?p=7" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" 348 7291 - 139607

 

It lists all the files and directory, and here's the weirdest part :

 

41.201.172.62 - - [07/Aug/2012:06:37:51 +0000] "GET /admin-sinting/login.php?action=reset&email=b4%40live.fr&timestamp=1344321405&verify=480d3c6de7f7856db2bc4e7fdb61cb22 HTTP/1.1" 200 4225 "http://bl159w.blu159.mail.live.com/mail/InboxLight.aspx?n=456364626" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" 899 4685 - 7800436

 

How on earth did he get to reset the password, while his email is not on the database ?

 

I need some tips and tricks for enhancing my WHMCS's security