Is Domain Registration a gateway for attack?

[mt50f1]

Hi Folks,

 

I've read quite a few posts regarding an old attack that still circulates and negatively affects folks who have not upgraded to v5.2.8 (http://forum.whmcs.com/showthread.php?97562).

 

I've been protected since the beginning so getting the notifications from my instance of WHMCS with these hack attempts are usually ignored, blocked and fraud client deleted.

 

Most recently I've become fed up with having to constantly clean up these hack attempts and started digging through my configuration.

 

My question and confusion is regarding why these attacks always begin with someone trying to register a domain name? My instance of WHMCS forces users to pay with a credit card (no other option) before the account is created on the system. I've tried to replicate what the hackers are doing, but I always run into the same wall of the credit card. I've checked my processing gateway and a fraudulent card is never run against the system, but yet the account is created and the domain name registration is always 'pending' the payment.

 

I'm using the ENOM plugin for domain name registration, all my other services are set to provision 'after' payment.

 

How in the heck are these hackers getting past the requirement to pay with a credit card (and thus creating an account to try the hack attempts)? Why is it always for Domain Name Registration (and not my other services like web hosting, etc)?

 

TIA