Jinx13 Posted February 17, 2013

Hey, yesterday someone got access to my ACP. I had a strange email and when I looked I realised it was addressed to 2 x admins. Since I am the only admin I tried to access my ACP and my password had been changed. I accessed my phpmyadmin and changed my password that way and then deleted the rogue admin account.

Looking at the logs (which I have lost now) I saw what had happened...

Someone had found the location of my ACP (as it is not at http://domain.com/admin)
Started a password reset and set up a new account
He then added an order and then marked it as paid.

What I am wondering is...

1. How the bleep did he find my admin directory?
2. How did he/she do a password reset on my account?

What I know is:

He did not have access to my cpanel
He did not have access to my email address
He did try a password reset on an MSN email account, which I received a notification for, that is not associated with my WHMCS at all.

Any steps I can do to protect my account? I have changed my password.

What is even more confusing is my email address in my admin directory seems to be the same as it was.

Thank you

penguin Posted February 18, 2013

A few options spring to mind.

Firstly, do you host any other sites on the same server as your WHMCS install? If so, they may have found your site details via another account.

Watch you're not generating a sitemap that includes information you would want to keep private.

Check the server overall is secure and has not been compromised.

Check your computer as this may well be compromised, hence the fact that so much information has been obtained and your e-mail account has been used.

Don't use free/insecure WiFi when you're out and about - we see so many issues nowadays with plain text authentication being used on WiFi and it's pretty easy to then intercept this.

altomarketing Posted February 18, 2013

I think that if someone did what you mentioned, there is no other option than that your PC has been compromised.

Security: Triple protect your admin directory:

a. change your admin folder
b. protect it using .htaccess double protection, only your IP, and if not, user and password (other than acm)
c. encrypt your .htaccess and configuration.php

more....

--disable FTP access to your WHMCS (if you need FTP, re-enable it when you need it via cPanel)
--enable only SSL for your admin connection.
--prevent crawling of your WHMCS folder with robots.txt (no one needs SEO for WHMCS installations)

Do you need more security? I can go on...

Jinx13 Posted February 19, 2013 (Author)

Thank you for the advice.

One question...

"b. protect it using .htaccess double protection, only your IP, and if not, user and password (other than acm)"

My IP changes, how could I allow only my IP?

Thanks again
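
Added example, not part of any post in this thread: one way to express the "only your IP, and if not, user and password" suggestion so that it still works when the admin's IP changes. It assumes Apache 2.4 with mod_ssl, and the password file path, realm name and address range are placeholders.

```apache
# .htaccess placed inside the renamed WHMCS admin directory.
# Constructed example; the path and address range below are placeholders.

# Refuse plain-HTTP requests so the Basic credentials are never sent unencrypted.
SSLRequireSSL

AuthType Basic
AuthName "Restricted"
# Keep the password file outside the web root.
# Create it with: htpasswd -c <file> <user>
# Use a username and password different from the WHMCS admin login.
AuthUserFile /home/USER/.htpasswds/whmcs-admin.htpasswd

<RequireAny>
    # A known address or range passes without the extra prompt.
    # 203.0.113.0/24 is a documentation range standing in for your own.
    Require ip 203.0.113.0/24

    # Any other address (for example after a dynamic IP change) must pass
    # HTTP Basic auth before it reaches the WHMCS login form at all.
    Require valid-user
</RequireAny>
```

With a dynamic IP, the `Require ip` line can be dropped entirely and the password prompt alone still puts a second login in front of the admin panel.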