petru Posted December 30, 2013

Hey guys,

I know this is a pretty stupid question to be posted here, but I have a few important questions. Recently my server was compromised and I had a full 48-hour battle with the hacker without sleep.

Now, I'm led to believe that the hacker got access to the server via WHMCS, either by decrypting the passwords that connect to the servers somehow. I'm not sure, and I'm not blaming or pointing the finger at anyone or anything.

The reason I believe this is because the hacker was first on our hosting website and purchased a small hosting account. After verifying the account we noticed it was suspicious and found that they were about to use the account for illegal purposes not guided by our Terms of Service, which we then suspended on the spot.

A few minutes after this we received an email from WHM saying that there was a root login from an IP that wasn't whitelisted. We logged in via SSH, changed the passwords and set a region block on all countries outside Australia to buy us some time to figure out what happened.

They also changed the email address of the server contact, which matched the account purchased in WHMCS. They have also spread malware throughout the server, which is now cleaned up.

But the main question is, how easy is WHMCS to be compromised? I know I might not get some very honest answers here, but I'm requesting honest answers, and possible ways to secure WHMCS from any hacking attempts.

Is it well known for WHMCS to be hacked? What security measures should be taken to prevent our website being hacked?

I'd also like to know how deadly the Remote Access Key can be in the hands of the wrong person.

Thanks

SoluteDNS Posted December 30, 2013

Like almost everything, WHMCS can also be hacked. You can, however, take some countermeasures; please see: http://docs.whmcs.com/Further_Security_Steps

petru Posted December 31, 2013

Thanks for your reply, SoluteDNS. That link was very helpful. Would you know the answer to my Remote Access Key question?

searley Posted December 31, 2013

Despite implementing security measures and running the latest versions, last weekend we found that our WHMCS admin username and password had been changed.

SoluteDNS Posted December 31, 2013

I'm not familiar with cPanel/WHM; however, if your WHMCS installation is compromised you might want to change all passwords of the systems which WHMCS has access to. It's safe to assume all those systems have been compromised too, and you should check the logs for suspicious activities.

About the changed username and password, you might want to talk to WHMCS support about this if not done yet.

snake Posted December 31, 2013

Given the constant number of updates due to major security issues, I would say it is pretty easy a lot of the time, which is very worrying for a billing system.

However, what info could they get out of WHMCS that would give them root access to your servers? I know we do not have any such info in ours; the only login details are for the hosting control panel which it uses for provisioning, so the most they could do is gain admin access to that if they decrypted the passwords.

Is your WHMCS on the same server that got hacked? As this seems a more likely entry point if they hacked WHMCS.

sentq Posted January 7, 2014

The answer is yes, for many reasons.

- try to keep your website away from your clients' websites, use a VPS for example,
- follow these steps: http://docs.whmcs.com/Further_Security_Steps
- and for sure keep your WHMCS up to date