Jump to content
kurieuo

Is the "powered by whmcompletesolution" text a hacking risk?

Recommended Posts

Hi

 

I find that I get a few visits to my website using the query "powered by whmcompletesolution" - for example:

 

"powered by whmcompletesolution" "quality" inurl:cart

cart.php whmcompletesolution

clientarea.php "powered by whmcompletesolution"

intext:" powered by whmcompletesolution "+ inurl:cart.php?

intext:"powered by whmcompletesolution"

intext:powered by whmcompletesolution inurl:".*/*/submitticket.php"

intext:powered by whmcompletesolution inurl:cart.php?a=view

inurl:"cart.php?a" intext:"powered by whmcompletesolution"

inurl:"cart.php?a=" intext:"powered by whmcompletesolution"

inurl:submitticket.php "powered by whmcompletesolution"

...

 

These are either people looking for samples of WHMCS sites or looking for sites using WHMCS that they can try hack into.

 

WHMCS team: are you aware of this?

 

We don't mind promoting WHMCS as our billing system so that's why we didn't get the non-branded version, but just dislike that it attracts this sort of traffic.

 

So I was thinking... maybe if the "powered by whmcompletesolution" bit were an image rather than text, maybe it would be harder for hackers to find WHMCS sites.

 

I guess, they could use Google image search to find the sites still... d'oh... or how about if the powered by was written with javascript? :)

 

Anyone else have ideas?

- Mrs K

Share this post


Link to post
Share on other sites

I'm definitely interested in this. However, there are still ways to find an installation, ie: looking for Wordpress? Tag wp-login.php to the end of the URL and see if it flushes out. Add clientarea.php to one, and you've most likely found a WHMCS installation.

 

Adding as an image may be an option - including the .htaccess to retain something like:

User-agent: Googlebot-Image

Disallow: /path/to/poweredby.png

 

Can we move this to the feature request system? Seems a bit more appropriate.

http://requests.whmcs.com

Share this post


Link to post
Share on other sites

Hi Chris

 

Yes, please move this to the feature request system. It does seem more appropriate there.

 

Thanks

- Mrs K

Share this post


Link to post
Share on other sites

re: searches for "clientarea.php" ... maybe this unique filename could be optionally renamed in the WHMCS config, similar to how we can rename the whmcs/admin/ directory to something else if we desire.

 

Cheers

- Mrs K

Share this post


Link to post
Share on other sites

At the end of the day, there will always be something that can be searched for with next-to-any system. Security through obscurity isn't the best approach. At times, certain things can cause more issues than they're worth and/or actually resolve.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated