
Domain Synchronisation Cron Report shows my renamed admin file



After re-installing WHMCS I am receiving a "WHMCS Domain Synchronisation Cron Report" email that shows "Active Domain Syncs" and lists (shows) my WHMCS installation path with my renamed admin dir. Like this:

https://mydomainname.com/whmcs/renamed_admin_file.

That doesn't seem right to me. I haven't set up any domains yet, but in the past I would receive that report showing my domains and client domains, not the complete path to my renamed admin file.

Thinking I have something configured incorrectly but don't know where.


That link (my site and admin path) is included at the bottom of the report for me. If I recall correctly there's more than one email WHMCS sends that reveals that "secret" folder, and complaints about it have been ignored, mostly. I always felt it was a bad thing to send via email, but I guess they feel the benefit (as yet to be revealed) outweighs the risk of it being seen by anyone. 


Might be missing something here, but those emails should only be going to staff and not clients / public. So staff should already know that URL, and so what is the risk here? Sure, if the staff email is hacked, then the URL would be known, but uh, if that was the case you have more issues than them knowing the URL. Though it would be nice for it to be an email template so you can remove it if you wanted.


1 hour ago, steven99 said:

Might be missing something here, but those emails should only be going to staff and not clients / public. So staff should already know that URL, and so what is the risk here? Sure, if the staff email is hacked, then the URL would be known, but uh, if that was the case you have more issues than them knowing the URL. Though it would be nice for it to be an email template so you can remove it if you wanted.

Thanks #steven99 for checking on what might be happening.

Nope, the emails aren't going to clients. I just failed to understand why it was listing the Admin dir.


1 hour ago, steven99 said:

what is the risk here?

The email is not encrypted end to end. It passes through any number of servers on its way, in plain text/html. If anyone has access to any of those servers along the way (for whatever reason), they have the "secret" folder. That's one more step towards doing "bad things", and the main reason that folder is changed in the first place. It is a pointless risk to include it, as it does nothing for the admin, and might (however slight the risk) expose paths.
