Rehost24 Posted August 19 Share Posted August 19 Hello. I noticed in my whmcs that bots are gaining access to old inactive user accounts and are being authorized. Where can I find the problem? All new accounts that are after 2024 are protected there or there is no attack there. Please give me recommendations on how this can be done 0 Quote Link to comment Share on other sites More sharing options...
Rehost24 Posted August 19 Author Share Posted August 19 I'll also add that I'm using the latest version of whmcs. 0 Quote Link to comment Share on other sites More sharing options...
Ricardo B. Posted August 21 Share Posted August 21 Hey! Are you using reCAPTCHA v3? https://docs.whmcs.com/8-13/system/system-tutorials/enable-recaptcha-v3/ 0 Quote Link to comment Share on other sites More sharing options...
Rehost24 Posted August 27 Author Share Posted August 27 Yes, I have it installed. But I'm wondering if passwords are being hacked and how they access client accounts. ? 0 Quote Link to comment Share on other sites More sharing options...
RadWebHosting Posted August 31 Share Posted August 31 It's possible that there was exposure to the older passwords. I would recommend exercising an abundance of caution, especially if the accounts are associated with active clients. Force all your active clients to reset passwords (force password difficulty to high level), and permanently disable or remove dormant/inactive accounts while you investigate further to determine the root cause of this behavior. 0 Quote Link to comment Share on other sites More sharing options...
Rehost24 Posted September 1 Author Share Posted September 1 Yes, I understand. I've already forced the user to change their passwords, but I'm just curious. Could some database have been leaked? Or is it that easy to guess the password and email? 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.