
Is it possible to make WHMCS even more secure?


Mortfiles


I'd like to add a few points.

 

1. Using a .htaccess file to secure the admin folder is a very good idea. This is the first level of security, and cannot be circumvented without the correct username & password.

2. Install something like Fail2Ban which can automatically ban an IP address for a preset amount of time, or infinitely on repeated incorrect password attempts - for example if someone is trying a dictionary attack, their IP could automatically be blocked from the server on the 10th retry. This could also be used for other stuff like SSH, SMTP, FTP, etc. Train your users on this and it's like a dedicated security admin on your server.

3. Make the Admin staff sign an NDA (Non-Disclosure Agreement) that they are not allowed to use / share / sell / etc. any info from the system. This is something you definitely have to do, whether the passwords are in clear text or not.

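A Fail2Ban jail matching points 1 and 2 of the post above, as an added example that is not from the thread or from WHMCS. It assumes Apache serves the .htaccess-protected admin folder and that the distribution's fail2ban package defines `apache_error_log`; the management IP is a constructed placeholder.

```ini
# /etc/fail2ban/jail.local  (local override file; added example)

[DEFAULT]
# Addresses that are never banned, so staff cannot lock themselves out.
# 203.0.113.10 is a constructed placeholder for your own management IP.
ignoreip = 127.0.0.1/8 ::1 203.0.113.10

[apache-auth]
# Stock fail2ban filter. It matches Apache error-log entries for failed
# HTTP Basic/Digest authentication, i.e. wrong credentials entered at the
# .htaccess prompt in front of the admin folder.
# It does not see failures at the application's own login form, because
# those are not written to the Apache error log; that needs a custom filter.
enabled  = true
port     = http,https
filter   = apache-auth
logpath  = %(apache_error_log)s
# Ban on the 10th failure seen within 10 minutes (600 s) ...
maxretry = 10
findtime = 600
# ... for one hour (3600 s). Use -1 instead for a ban that never expires.
bantime  = 3600

[sshd]
# Same policy for SSH, using the stock sshd filter and its default log path.
enabled  = true
maxretry = 10
findtime = 600
bantime  = 3600
```

After reloading fail2ban, `fail2ban-client status apache-auth` shows the failure count and the currently banned addresses for the jail.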

2. Install something like Fail2Ban which can automatically ban an IP address for a preset amount of time, or infinitely on repeated incorrect password attempts - for example if someone is trying a dictionary attack, their IP could automatically be blocked from the server on the 10th retry. This could also be used for other stuff like SSH, SMTP, FTP, etc. Train your users on this and it's like a dedicated security admin on your server.

 

If you're using cPanel then CSF (ConfigServer firewall) + LFD work very nicely to achieve this. This includes major services such as SSH, FTP etc, as you mentioned, but also http auth if you enable it in the configuration.


If you're using cPanel then CSF (ConfigServer firewall) + LFD work very nicely to achieve this. This includes major services such as SSH, FTP etc, as you mentioned, but also http auth if you enable it in the configuration.

 

CSF can be installed on any server, not just cPanel. On a normal Linux / Plesk / Webmin server it's just a manual configuration, and there's no fancy interface, but it works as well.


I don't know of any professional service that offers this, however, and I'd be very leery of providing the raw code to a third party anyway, if I'd written something as valuable as WHMCS.

Know someone that does this service professionally? I'd love to know who.

I'm sure that SitePoint would have the ability to do this. As pretty much the premier PHP developers in the world they're very well known. They run the SitePoint forums which I believe are the largest and highest quality PHP forums in the world.

More info at http://www.sitepoint.com.au (parent company) and http://www.sitepoint.com (forums)

 

(This is just an answer to bear's question in case it is ever useful, I'm not pushing WHMCS for a security audit, see my earlier post).

