Jump to content

Hacking

Rockyuk

By Rockyuk
in Using WHMCS

 Share

Recommended Posts

Rockyuk Junior Member

Rockyuk

Posted
Posted

Hi Everyone,

I am hosting my WHMCS on a remote shared host so if my servers go down my main site does not. Anyway i have noticed for a couple of months now that someone is changing the location of my admin folder in my configuration file at least once a week. I have changed the password so many times for my cpanel and ftp etc but they can still seem to do it how is this possible and is this a direct hack through WHMCS itself? Has anyone else experienced this if so how did you solve it? I am running the latested version of WHMCS and running CloudFlare but this is still happening any ideas?

 

Thanks

 

Rockyuk

0
Link to comment
Share on other sites
bear Senior Member

bear

Posted
Posted
I am hosting my WHMCS on a remote shared host

This is rather likely the problem. Running a billing system on a shared host is asking to be compromised, generally though other accounts on that server.

 

A further note, if they've been changing your config file, there's a pretty good chance all your data has been compromised, including clients info and server logins.

0
Link to comment
Share on other sites
Wabun Member

Wabun

Posted
Posted (edited)

Hi,

 

Don't use Cloudfare, as it is caching to much, I personally don't like that for using such as WHMcs.

 

- Is the attack coming from inside or outside?

- Check your [raw] access logs.

- Make backup of your mysql DB and look in the tables if you see any admin users.

- Same in back-end, look for users with rights!

- If you have access to /admin/.htaccess, make sure you are the only one to login with your static IP deny the rest of the world.

- Rename the admin folder, I suppose you should have done so as WHMcs recommends, see here: http://docs.whmcs.com/Further_Security_Steps

 

- Check for users with no products/service and delete them ;-)

- Don't allow new users without buying a product/service/checkout.

 

If you don't have static IP, get one! as you can control/protect so much better who has access.

 

You could also do a file compare with a new installation and your current one to check for changes in files!

Beyond compare or any other tool is a good help with that.

Edited by Wabun
Link to security doc
0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept