dansgalaxy Posted June 15, 2009 Share Posted June 15, 2009 Recently one of my whmcs installations was hacked... The hacker gained access to the database and manually changed the admin email to their own and then as able to just click forget password and have a new password emailed to them. Now i know the fact they got access to the database means they could have done anything but it seems that they shouldnt have been able to just change the email and get admin access... Shouldn't it be more difficult!? 0 Quote Link to comment Share on other sites More sharing options...
bear Posted June 15, 2009 Share Posted June 15, 2009 I think the database access is the larger issue. 0 Quote Link to comment Share on other sites More sharing options...
dansgalaxy Posted June 15, 2009 Author Share Posted June 15, 2009 Yes i know that... but if it took more than 5 seconds to gain access to the admin of whmcs it would help to reduce the risk. 0 Quote Link to comment Share on other sites More sharing options...
othellotech Posted June 17, 2009 Share Posted June 17, 2009 Shouldn't it be more difficult!? yes, lock down your admin access by ip/htaccess, change the directory name, fix your security hole that allowed them db access ... 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.