Originally Posted by HostLeet
If you haven't done all of the steps in the security guide, then it is safe to say that WHMCS and their script is NOT
at fault for you being hacked and the problem is server/user based.
And even if all the steps in the security guide have been followed, I think you'll find that the security whole is not with WHMCS. If it was, you'd see an influx of posts complaining about WHMCS being hacked. Similar to how we saw a huge amount of posts about the php encode hack in support tickets.