sammyboy Posted November 3, 2015

Ok I'm not sure if I'm stressing over nothing here. I'm still in the process of setting up my whmcs site and so I don't have any services or products available just yet. However, I received my first signup yesterday. At first I thought it was just a keen customer, so I emailed them to say we're not quite ready yet. Then a few hours later I got another user registration. I'm now certain these are bots.

What's more, the passwords they both used to register are exactly the same. But what's scary is that a section of the password they used contains some of my original password (for my whmcs site). I've since changed all my passwords, but it's still very worrying. Was my password compromised? If so how?

Under the client's profile > log, I see this:

Customer successfully registered with random generated password at (mysite) (myresellerclubid) - User: kamowitzangel-at-yahoo-dot-com - User ID: 1

It states clearly that the password was randomly generated? Can someone please help this noob figure out what's going on?

Cheers

sammyboy Posted November 3, 2015 (Author)

> Ok I'm not sure if I'm stressing over nothing here, But what's scary is that a section of the password they used contains some of my original password (for my whmcs site). I've since changed all my passwords, but it's still very worrying. Cheers

Couldn't figure out how to edit my post above so I'm adding a follow up here:

Turns out the password that was used by the bot was exactly the same as my whmcs administrator password. I'm really not sure how that happened. For now I have disabled new client registration, changed the Administrator password and also purchased/activated 2 factor login.

Can anyone here please advise how I can stop bots from registering fake accounts? I do want genuine customers to be able to register, so at some point, when I've finished setting up, I will need to enable registration. Or is it recommended to only allow registration with new orders? Will this curb the bots?

sentq Posted November 3, 2015

Enable Google reCAPTCHA from General Settings -> Security. If this doesn't stop them, then disable registration without an order.

But anyway, how did they get your password? Is it a coincidence, or maybe you use a common or weak password! Is WHMCS installed on a shared server or what?

sammyboy Posted November 3, 2015 (Author)

> Enable Google reCAPTCHA from General Settings -> Security. If this doesn't stop them, then disable registration without an order. But anyway, how did they get your password? Is it a coincidence, or maybe you use a common or weak password! Is WHMCS installed on a shared server or what?

Thanks for your suggestion Sentq. I will enable Google reCAPTCHA and see how that goes.

Regarding the original password which was copied, it was: E@&9K46@F5604126p (I'm only posting it because I've changed it now). If it was a coincidence then bloody hell, that was a very good coincidence. Honestly, to me it feels like the bots/hackers created the accounts just to let me know that they know my password.

By the way, yes, I have my WHMCS installed on a shared server. The hosting provider has a reseller plan that includes WHMCS free. Is this bad?

sammyboy Posted November 3, 2015 (Author)

Ok so this was all a big misunderstanding on my part - I feel a bit silly. In the client profile page, the password field was being auto-filled by my password manager - LastPass. That's why I was seeing both accounts having the same password. I've disabled the autofilling from happening now for that page.