commacomma Posted October 20, 2013
Hello, Our WHMCS was hacked before the update. We recognize that this is BAD. What we're hoping to find out is - what should we do for cleanup? What do they likely have access to? Thanks in advance for any help this community can provide.

alinford Posted October 20, 2013
What are the symptoms of the hack?

commacomma Posted October 20, 2013
The admin directory was deleted. The Downloads folder had several files in it with some explicit names. A few sites on our servers were hacked.

zoilodiaz Posted October 20, 2013
> The admin directory was deleted. The Downloads folder had several files in it with some explicit names. A few sites on our servers were hacked.
I think you should send a ticket to WHMCS or restore a backup previous to the hack and upgrade and then change all passwords.

Doulos Posted October 20, 2013
Maybe, delete/replace anything on, after the date of the hack.

DavidBee Posted October 20, 2013
I understand this is a discussion forum, but asking the community how to clean up your servers is just as bad as how shocking WHMCS has become.

ocosa Posted October 21, 2013
I would back up the files you have and logs and comb through them. Anything that looks suspicious, report it to your LEA of choice. Re-image your server, restore backup from prior to compromise. Change all passwords on every account. If you use passwords on other sites, reset those as well. Research how to secure your server more and/or hire someone. As well as open a ticket with WHMCS immediately. Consider locking down your WHMCS admin folder to specific IPs and rename it, and don't forget to reference the renamed folder in the configuration.php file. Outside of that, not much else I can think of if WHMCS is why you were hacked.

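One way to carry out the file review suggested in the replies above (an added example, not code from any poster or from WHMCS): list files whose modification or inode-change time falls on or after an assumed compromise date, with a SHA-256 for each. The names `changed_since` and `demo`, the sample file names and the cutoff date are all constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from datetime import datetime, timezone


def changed_since(root, cutoff):
    """List regular files under root whose mtime or ctime is on/after cutoff."""
    limit, hits = cutoff.timestamp(), []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a planted symlink
            if not stat.S_ISREG(st.st_mode):
                continue
            # mtime can be set backwards with utime(); on POSIX the kernel
            # updates ctime on every inode change, so check both.
            if st.st_mtime >= limit:
                why = "mtime"
            elif st.st_ctime >= limit:
                why = "ctime-only"  # old mtime, but the inode changed later
            else:
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hits.append((os.path.relpath(path, root), why, digest))
    return sorted(hits)


def demo():
    """Scan a constructed sample tree; every name and date here is made up."""
    utc = timezone.utc
    cutoff = datetime(2013, 10, 1, tzinfo=utc)  # placeholder compromise date
    samples = {"downloads/dropped.php": datetime(2013, 10, 5, tzinfo=utc),
               "index.php": datetime(2012, 1, 1, tzinfo=utc)}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "downloads"))
        for rel, when in samples.items():
            path = os.path.join(root, rel)
            with open(path, "wb") as fh:
                fh.write(b"sample")
            os.utime(path, (when.timestamp(), when.timestamp()))
        return changed_since(root, cutoff)


if __name__ == "__main__":
    for rel, why, digest in demo():
        print(why, digest[:16], rel)
```

Run it against a copy of the preserved files rather than the live server, since restoring or copying without preserving timestamps resets ctime and will flag everything.
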
ebmocwen Posted October 21, 2013
Just updated to 5.2.10, hadn't even had time to find the bugs in 5.2.9 yet. Anyone following this thread, please be sure to check out the latest security update for 5.1 and 5.2 products: http://blog.whmcs.com/?t=80298

ocosa Posted October 21, 2013
> Just updated to 5.2.10, hadn't even had time to find the bugs in 5.2.9 yet.
The only bug I saw was just the mass mail tool and search tool returning duplicate results. However, after 5.2.10 it seems to be fixed.