Jump to content

Watchdog for WHMCS - Detect Compromised Files & Intruders

Recommended Posts

Securing WHMCS

We're pleased to announce we're working on releasing our second free module for WHMCS. In case you missed the first, it's named Plesk Checker. It lets you quickly identify problems in the integration between WHMCS and Plesk.

This time we want to open source a script we used internally for years to help our customers to fix compromised installations of WHMCS. Here is the dashboard (click to enlarge).


Watchdog Features

The script performs file system integrity checks to detect:

  • Compromised files that could potentially threaten your core install (eg. malwares, files with injections)
  • Intruders. Unknown files that require your attention as they could be legitimate scripts of backdoors
  • Missing files that could cause unexpected errors
  • Anomalous and suspicious files buried deep within directories

You can inspect all findings to take the appropriate actions but the module can also be configured to automatically deal with such files.


The module verifies checksums of all .php files and performs checks every X hours. When a compromised file is detected, optionally the module can automatically take any of the following actions.

  • Neutralize file so that it can't be used to harm your system (quarantine)
  • Send notifications to selected administrators

Watchdog Settings

All settings can be changed from the following simple and intuitive interface.



Please keep in mind that the module is not ready for use as we're still working on it. It won't take much time since we're "converting" a stand-alone script to make it work as a WHMCS Addon module.

Get Involved!

Follow the project on Github to send suggestions and be the first to use it once it will be ready for use!

Follow Us on Github

Looking for other free scripts? Take a look at our huge collection of Action Hooks and Reports for WHMCS.

Share this post

Link to post
Share on other sites

  • Similar Content

    • By BunnyBloYT_Hosting
      Hey, is anyone here able to create a simple addon that simply changes email_verified under a client in the database to 1. Based on its user id.
      It need to be working like this:
      1. I enter the user id into a widget on admin homepage-
      2. It changes email_verified under a client who is having the user id in the database to 1.
    • By code47
      I am creating a module for invoice to display data from database. I want to know how to add that fetch value from module to invoice using hooks.
    • By Manchester Web Hosting
      Hello All,
      Hoping someone can shed some light on this matter.
      OK maybe not a massive security issue but neverthless something that has been pointed out to us after a so called 'expert' tried hacking our install and wanted bounty money. God loves a tryer eh...
      So lets take an example.
      Say someone fills out one of the forms on the site, they submit fine. All well and good. They get there email notifcation saying ticket submitted. great. BUT...
      IF you look at the email headers what you can find is:
      tucked away in the message headers 😲
      Maybe not a big deal BUT we have also found that the htaccess restriction for the admin directory in latest version doesnt even work properly (yup opened a ticket for it).
      However, why is that line even presented in the headers? OK if it needs to be WHY include the admin/custom admin directory?
      Seems like any and all emails being sent out have this line included in message headers which fogive me if i get this bit wrong BUT I find it ttally daft. Makes security of the admin/custom directory (even if its security through obsecurity) pointless.
      Can anyone else confirm that they can see the same thing? turned off all hooks (only using a few as it is) and its the same result.
      Curious if anyone else has spotted this...
    • By HardSoftCode
      What is suspend client account?
      The suspend client account module for WHMCS was created to ensure that admin can have better control over the client account for violation the policies or terms of service. In the new suspend client account module, WHMCS will have a new option beside the close account and delete account options. With this module, admin will be able to suspend and set client account for auto termination. Once the suspension has been approved, the client will receive a warning notification and will then finally automatically be suspended. The timeline for when these notifications gets sent out, as well as when the actual suspension takes place, can be set up under the client profile section. After the client has been suspended, you will have the option to pause their suspension (unsuspend the client). This will allow time for the client to make changes and send the proof of fixing the violation. When the time limit has been reached and the client has not made any changes to fix the violation, the client account will be deleted or closed depends on the setting you setup. Please note that when the client account is suspended, that the billing will not be stopped. In other words, even though the account is suspended, the client will receive their monthly invoice.
      Why do you need suspend client account module?
      If you fell that your clients do not follow the website policies, terms of service or there is suspicious activity in client account like logged in from another country or using a VPN. You need to act and suspense the client account and send the client a warning notification. You know that WHMCS have only 2 options in client profile and they are close account and delete account and they are not a good solution for this kind of situation.
      How it works?
      After activating the suspend client account you can configure the module to suit your needs by going to configuration and select the type of suspension also you can set account termination type and enter the number of days for closing or deleting the client account if suspended. You also can select the support department you want the client to contact support. From the reason messages section, you can create unlimited suspension messages or edit the existing one to use them within the module. By going to the client profile section and looking at the other actions menu, you will see suspend client account added to the menu by clicking on the link you will have the option to select a reason for suspending the account or enter a custom reason message also you can send email notification to the client about suspending the account.
      3 types of suspension Logout the client if he tries to click any link 2 types of account termination Set the number of days for account termination Set the support department Suspend account reason message List suspended accounts Email notification For more details and screenshot visit the product page
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated