annomander Posted October 7, 2009 Share Posted October 7, 2009 Hi All I have a person using the following IPs 68.99.52.137 70.183.185.121 70.183.77.121 all from cox.net isp being trying to gain access to my whmcs. I have blocked these IPs but thought might be an idea to forward and then people are prewarned incase he moves somewhere else. almost a pub watch list! 0 Quote Link to comment Share on other sites More sharing options...
Michael.Terence Posted October 7, 2009 Share Posted October 7, 2009 best/easiest way to avoid this is to rename the admin folder to something else - you'll need to add a variable to your configuration file so WHMCS knows where to find it - but you won't get any more attempts 0 Quote Link to comment Share on other sites More sharing options...
dkent Posted October 7, 2009 Share Posted October 7, 2009 Yeah, renaming the Admin folder is the best way to prevent hacking. However it won't stop them if your files are set to 777 and they are hosted on the same server as you! So placing IP bans is what you also need to do. 0 Quote Link to comment Share on other sites More sharing options...
Michael.Terence Posted October 8, 2009 Share Posted October 8, 2009 Quite true, but the files shouldn't be 777, and due to the sensitive nature of client details (and without even touching on PCI/DSS) it's quite advisable to run WHMCS and the database server on nodes that aren't accessible to clients. The best advice I could give to everyone would be to use virtualization. Even if all you have is a single dedicated machine - have your host install XenServer (citrix) on it - use the desktop app to manage things, carve out a huge VM to use as your "shared server", and one or 3 for yourself. This makes life sooooooo much easier when you're just starting out. You get console access, can reboot things for yourself, get a slew of metrics, and snapshot style backups with a click of a mouse. XenServer is also a great way to bust out into managed VPSs - there's no WHMCS integration and the build process is (mostly) manual until you've got a few templates created (which again just takes a couple mouse clicks). It's definately not for clients that will be rebuilding their VPS or managing it themselves as there's non web interface, but if your client base doesn't want those features and would rather leave it to someone who knows more it's perfect. 0 Quote Link to comment Share on other sites More sharing options...
eseelke Posted October 8, 2009 Share Posted October 8, 2009 There is also VPS.Net. They have some pretty good features for cloud hosting. Plus, they have a module for WHMCS. 0 Quote Link to comment Share on other sites More sharing options...
GORF Posted October 8, 2009 Share Posted October 8, 2009 1) Change the admin folder name. 2) If this is a *nix server, use .htaccess to password protect the admin folder. Create a different user/pass than WHMCS admin. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.