DJFireCFH Posted April 29, 2014 (edited)

So earlier today, our WHMCS was hacked by a client. They placed an order, paid for it, and then all of a sudden they are logged in on 3 different admins. How do I know this? By the client's IP address. How is it possible for them to do something like this? They started placing all these orders, and then used the admins' accounts to approve the orders without paying for them, which ended up costing us money in the long run: they ordered domains and approved them without being paid for, which processed through our registrars, which "submitted payment" for them. How is something like that possible for someone to do?

This same exact thing happened to one of our resellers as well. The "exact" same thing. Has anyone else seen something like this?

Is there also a way to "ban" a user through the WHMCS software (email, IP, etc.)? And is there some way, if it were to happen again and they logged into an admin's name, to "kick or ban" them off if you see them on, other than changing the password? Because if they are on a page that "does NOT" refresh, they can read everything that is on that page and gather information.

Edited April 29, 2014 by DJFireCFH
vec Posted April 29, 2014

What version of WHMCS are you using?
DJFireCFH (Author) Posted April 29, 2014

We were using 5.3.3, but after that happened, we upgraded to 5.3.6 and changed admin folder, and a few other things.
sentq Posted April 29, 2014

Follow this documentation also: http://docs.whmcs.com/Further_Security_Steps
DJFireCFH (Author) Posted April 29, 2014

Yes, we took those steps.
searley Posted April 30, 2014

I use Cloudflare; it's good at stopping SQL injection attacks. It's also possible to ban IP ranges or even entire countries; for example, we have banned Indonesia.
SeanP Posted April 30, 2014

When security issues are discovered within the software, a patch is released and clients of WHMCS are notified. That's why it is best to always make sure you are up to date on patches, and on the latest version of the software, if at all possible. This is especially the case, being the nature of what WHMCS does.
bear Posted May 1, 2014

> This same exact thing happened to one of our resellers as well. The "exact" same thing.

Were both on the same server?

> changed admin folder, and a few other things.

> Yes, we took those steps.

Based on the first comment, the security steps were done after the hack?