Rehost24 Posted August 19 Share Posted August 19 Hello. I noticed in my whmcs that bots are gaining access to old inactive user accounts and are being authorized. Where can I find the problem? All new accounts that are after 2024 are protected there or there is no attack there. Please give me recommendations on how this can be done 0 Quote Link to comment Share on other sites More sharing options...
Rehost24 Posted August 19 Author Share Posted August 19 I'll also add that I'm using the latest version of whmcs. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Technical Analyst WHMCS Ricardo Posted August 21 WHMCS Technical Analyst Share Posted August 21 Hey! Are you using reCAPTCHA v3? https://docs.whmcs.com/8-13/system/system-tutorials/enable-recaptcha-v3/ 0 Quote Link to comment Share on other sites More sharing options...
Rehost24 Posted August 27 Author Share Posted August 27 Yes, I have it installed. But I'm wondering if passwords are being hacked and how they access client accounts. ? 0 Quote Link to comment Share on other sites More sharing options...
RadWebHosting Posted August 31 Share Posted August 31 It's possible that there was exposure to the older passwords. I would recommend exercising an abundance of caution, especially if the accounts are associated with active clients. Force all your active clients to reset passwords (force password difficulty to high level), and permanently disable or remove dormant/inactive accounts while you investigate further to determine the root cause of this behavior. 0 Quote Link to comment Share on other sites More sharing options...
Rehost24 Posted September 1 Author Share Posted September 1 Yes, I understand. I've already forced the user to change their passwords, but I'm just curious. Could some database have been leaked? Or is it that easy to guess the password and email? 0 Quote Link to comment Share on other sites More sharing options...
Rehost24 Posted September 22 Author Share Posted September 22 (edited) . Edited September 22 by Rehost24 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Technical Analyst II WHMCS JoshQ Posted Tuesday at 04:34 PM WHMCS Technical Analyst II Share Posted Tuesday at 04:34 PM Hi @Rehost24, There are lots of possible causes. Indeed, compromise is one of those, and that is particularly likely if WHMCS is hosted in a shared environment. I'd recommend reviewing our Enhancing Security guide: https://docs.whmcs.com/8-13/installation-guide/initial-configuration/enhancing-security/ Beyond that, it would be worth consulting with a System Administrator or Security Specialist who can take a look at your installation and identify any possible weak points. Just to further the advice given above, it is possible to force all clients to reset their passwords by removing the stored password hashes from the databases: https://help.whmcs.com/m/managing/l/1535126-forcing-a-password-reset UPDATE `tblusers` SET `password` = '', `email_verification_token_expiry` = NULL, `email_verified_at` = NULL, `reset_token_expiry` = NULL WHERE 1; Of course, you should then send an e-mail to all clients instructing them to reset their password using the standard Forgot Password flow. Hope this helps. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.