Tips for protecting WHMCS from hackers!
  Post #1 (permalink)   11-18-2008, 10:49 AM
HD Addict
 
Join Date: Sep 2008
Posts: 144

Status: mfwl is offline
You can protect your WHMCS installation from hackers by doing the following 3 things:
  1. Change the name of the admin folder to something less obvious.
  2. Password-protect the administration folder with htaccess, so you have to pass htaccess before entering the WHMCS admin username and password.
  3. Choose an obscure password/username.

Oh, and use MaxMind with manual acceptance on all orders of value - in the long run you will be pleased you did!

If anyone has any bad experiences of WHMCS hacking or other methods of preventing this valuable data please post!
__________________
Online Hosting and Webdesign solutions with a reliability and price you will like..
Shared / Reseller / Master Reseller Accounts / Web Design / Licensing
www.ACE4SPACE.com
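The first two tips in the post above can be verified from a shell on the server. This is an added example, not part of the original post or of WHMCS: `audit_admin_dir` and the paths passed to it are hypothetical, and it assumes the stock admin folder is called `admin`.

```shell
# Added example (not from the thread or from WHMCS). audit_admin_dir is a
# hypothetical helper; "admin" as the stock folder name is an assumption.
# Usage: audit_admin_dir <document root> <path to the renamed admin folder>
# Prints each finding and returns the number of findings (0 = tips applied).
audit_admin_dir() {
    docroot=$(cd "$1" 2>/dev/null && pwd -P) || return 99
    adm=$(cd "$2" 2>/dev/null && pwd -P) || return 99
    ht="$adm/.htaccess"
    findings=0
    finding() { echo "FAIL $1"; findings=$((findings + 1)); }

    # Tip 1: nothing should still answer under the default folder name.
    if [ "$(basename "$adm")" = "admin" ] || [ -d "$(dirname "$adm")/admin" ]; then
        finding "an admin folder with the default name still exists"
    fi
    # Tip 2: Basic auth has to be switched on and actually demanded.
    if [ ! -f "$ht" ]; then
        finding "no .htaccess in $adm"
        return "$findings"
    fi
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$ht" ||
        finding "AuthType Basic is missing"
    grep -Eiq '^[[:space:]]*Require[[:space:]]+(valid-user|user|group)' "$ht" ||
        finding "no Require valid-user/user/group, so no login is demanded"
    # The password file must exist and must not be downloadable itself.
    pw=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); p = $2 }
              END { print p }' "$ht")
    if [ -z "$pw" ] || [ ! -f "$pw" ]; then
        finding "AuthUserFile is not set or the file does not exist"
    else
        pwdir=$(cd "$(dirname "$pw")" 2>/dev/null && pwd -P) || pwdir=""
        case "$pwdir/" in
            "$docroot"/*) finding "password file $pw is inside the web root" ;;
        esac
    fi
    return "$findings"
}
```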
 
 
 


  Post #2 (permalink)   11-18-2008, 08:07 PM
HD Amateur
 
Join Date: Jan 2004
Location: Tampa, FL
Posts: 54

Status: davet is offline
Neither we nor any of our resellers who use WHMCS have had any problems with WHMCS being hacked.
__________________
cPanel Hosting
 
 
 


  Post #3 (permalink)   11-19-2008, 02:07 PM
HD Newbie
 
Join Date: Nov 2008
Posts: 9

Status: headbull is offline
WHMCS blocks IP addresses if they try a wrong password 5 times for 15 minutes.

So it would take quite a long time to hack the WHMCS installation, as long as there is no known backdoor then.

But it's useful tips anyway!
__________________
:: Laxhost.com
:: Shared, reseller, vps and dedicated
 
 
 


  Post #4 (permalink)   11-19-2008, 05:41 PM
HD Newbie
 
Join Date: Nov 2008
Posts: 2

Status: rayanaga is offline
Quote:
Originally Posted by davetanguay View Post
Neither we nor any of our resellers who use WHMCS have had any problems with WHMCS being hacked.
I've seen it happen once and only once. It was probably due to a bad password rather than to a WHMCS security breach though.
 
 
 


  Post #5 (permalink)   11-23-2008, 09:46 AM
HD Newbie
 
Join Date: Nov 2008
Location: Chicago, IL
Posts: 3

Status: WeWatch is offline
We've seen many cases where sites are hacked and people automatically start assuming the cause of the breach.

WHMCS has been extremely secure and would be one of the last areas we would look at for a successful security breach.

As stated previously, strong passwords are always highly recommended. At least 8 characters, combination of upper and lower case and use some special characters too.

Frequently we'll take a movie title and obfuscate it. Take Oceans 11. It could become a password like: $0C3@n$_eLEv3N#

This becomes a little bit easier to remember than something just totally random.

Also while renaming the admin folder falls under security through obscurity, it does offer an additional layer of protection from the automated tools used by so many cybercriminals. The more layers the better.
__________________
Thomas J. Raef
WeWatchYourWebsite - So You Don't Have To
http://www.wewatchyourwebsite.com/reporthd.html
 
 
 


  Post #6 (permalink)   12-10-2008, 09:12 AM
HD Wizard
 
Join Date: Mar 2005
Location: Atlanta, GA
Posts: 2,264

Status: handsonhosting is offline
No issues with the software on this end since we started with them live about a year ago. No issues with ModernBill prior to that going back to 2000.

Many of the hacks are not software exploits but admin exploits. People failing to review logs, password protect areas, and change passwords on a regular basis. A 12 character random password is necessary on anything (if not a long password). NO two passwords the same in our network on any of our servers.

Put CSF on the server, watch for failed passwords.
Kill Telnet Access and limit from a single or a couple of servers that you own - static IP.
Disable root access, only allow login under one user, then SU to root.

And the number one issue for people with problems - when an upgrade comes out - UPGRADE!!
__________________
Emerson Nogueira
http://www.HandsOnWebHosting.com
cPanel Web Hosting, Domain Registration, Managed VPS Servers
 
 
 


  Post #7 (permalink)   12-11-2008, 12:19 PM
HD Newbie
 
Join Date: Oct 2008
Location: Jersey
Posts: 48

Status: iiDesign is offline
Quote:
Originally Posted by davet View Post
Neither we nor any of our resellers who use WHMCS have had any problems with WHMCS being hacked.
Yes, I never had any attempts of being hacked either. WHMCS is pretty damn secure!
__________________
www.competitivehost.com -
Discounted VPS, Reseller and Shared Hosting!
 
 
 


  Post #8 (permalink)   12-11-2008, 12:37 PM
HD Guru
 
Join Date: Jan 2008
Posts: 694

Status: shockym is offline
I gotta jump on the good boat here, we have never had issues either. *knock on wood*

Where did you other folk hear of this being hacked before, I must have missed this talk as I remember no such thing, was it recent?
__________________
Please your clients & thank them from time to time.......they are just like groupies that keep the band going strong.
 
 
 


  Post #9 (permalink)   12-11-2008, 03:23 PM
HD Addict
 
Join Date: Sep 2008
Posts: 144

Status: mfwl is offline
Quote:
Originally Posted by shockym View Post
I gotta jump on the good boat here, we have never had issues either. *knock on wood*

Where did you other folk hear of this being hacked before, I must have missed this talk as I remember no such thing, was it recent?
No, it was back a few months with version 3.5.1. Since upgrading (now 3.7.2 obv) it's not a problem, although we have done what I suggested at the top of the page, so I wouldn't know if WHMCS have fixed the issues (whatever they were).
__________________
Online Hosting and Webdesign solutions with a reliability and price you will like..
Shared / Reseller / Master Reseller Accounts / Web Design / Licensing
www.ACE4SPACE.com
 
 
 


  Post #10 (permalink)   12-11-2008, 04:46 PM
HD Amateur
 
Join Date: Nov 2008
Posts: 61

Status: thecubehost is offline
Good Tips.
__________________
The Cube Host - Quality Web Hosting Solutions
24/7 Server Monitoring - 99.9% Uptime Guarantee
www.thecubehost.com
 
 
 


  Post #11 (permalink)   12-12-2008, 10:34 PM
~Pixel Queen~
 
Join Date: Oct 2008
Location: Iowa
Posts: 290

Status: The-Pixel is offline
Hello,

I've never seen WHMCS get 'hacked'. And I would bet the farm that 9 times out of 10 it happens. And that 1% changes are is something they did. That's just me...
__________________
Lindi Wheaton
I <3 Pixel's
The-Pixel :: Get a custom WEB DESIGN today!
 
 
 


  Post #12 (permalink)   12-15-2008, 10:09 AM
HD Addict
 
Join Date: Dec 2008
Location: Florida,Tampa
Posts: 101

Status: HivelocityLB is offline
This does not happen often but it obviously can happen.
These are some good tips to prevent this from happening in the future.
__________________
Dedicated Servers - sales@hivelocity.net - 1-888-869-HOST(4678)
Viva Hivelocity "THE SERVER STUD" - Award Winning Hosting
Managed Dedicated Servers. Reseller Discounts. 24/7 Impressive Tech Support.
 
 
 


  Post #13 (permalink)   12-17-2008, 09:36 AM
HD Newbie
 
Join Date: Dec 2008
Posts: 22

Status: hostingsir is offline
Is Clientexec hacker safe!?
 
 
 


  Post #14 (permalink)   12-19-2008, 03:18 AM
HD Addict
 
Join Date: Sep 2008
Posts: 144

Status: mfwl is offline
Quote:
Originally Posted by hostingsir View Post
Is Clientexec hacker safe!?
We have not used Clientexec, however I assume the above tips would also be beneficial for any install of clientexec also..
__________________
Online Hosting and Webdesign solutions with a reliability and price you will like..
Shared / Reseller / Master Reseller Accounts / Web Design / Licensing
www.ACE4SPACE.com
 
 
 


  Post #15 (permalink)   12-19-2008, 11:26 AM
HD Addict
 
Join Date: Mar 2007
Location: Houston, TX
Posts: 153

Status: LaneHost is offline
You can also move the attachments, downloads & templates_c folders outside of the publicly accessible folder tree on your website. WHMCS allows you to do this. If you do move the folders, then you must tell WHMCS where they have been moved to by adding the following lines to your configuration.php file:

Code:
$templates_compiledir = "/home/whmcs/templates_c/";
$attachments_dir = "/home/whmcs/attachments/";
$downloads_dir = "/home/whmcs/downloads/";
__________________
LaneHost Solutions, Inc. | Professional Web Hosting Solutions
Affordable Shared Hosting, Reseller Hosting & Dedicated Servers at Great Prices!
Complete Solution To Affordable Reseller Web Hosting

Follow us on Twitter! | The LaneHost Blog | LaneHost Forums
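A check for the relocation described in the post above, as an added example that is not part of the original post or of WHMCS: it reads the three directory settings out of configuration.php and flags any that are unset, missing on disk, or still resolve inside the web root. `audit_whmcs_dirs` and the paths passed to it are hypothetical.

```shell
# Added example (not from the thread or from WHMCS); audit_whmcs_dirs and the
# paths used with it are hypothetical.
# Usage: audit_whmcs_dirs <configuration.php> <document root>
# Prints one line per setting and returns the number of findings.
audit_whmcs_dirs() {
    cfg=$1
    [ -r "$cfg" ] || return 99
    # Canonical web root, symlinks resolved, so the prefix test is reliable.
    docroot=$(cd "$2" 2>/dev/null && pwd -P) || return 99
    findings=0
    for var in templates_compiledir attachments_dir downloads_dir; do
        # Match uncommented assignments only; the last one wins, as in PHP.
        # tr folds single quotes to double so both quoting styles are read.
        pat='^[[:space:]]*\$'"$var"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*'
        val=$(tr "'" '"' < "$cfg" | sed -n "s/$pat/\1/p" | tail -n 1)
        if [ -z "$val" ]; then
            echo "FAIL $var: not set, folder has not been relocated"
            findings=$((findings + 1))
            continue
        fi
        real=$(cd "$val" 2>/dev/null && pwd -P) || real=""
        if [ -z "$real" ]; then
            echo "FAIL $var: $val does not exist"
            findings=$((findings + 1))
            continue
        fi
        case "$real/" in
            "$docroot"/*)
                echo "FAIL $var: $real is still under $docroot"
                findings=$((findings + 1)) ;;
            *)  echo "OK   $var: $real" ;;
        esac
    done
    return "$findings"
}
```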
 
 
 