Wondering if whmcs support ticket system is hacked.

[melvin@qualityhosting]

I have proved who I am myself I posted a comment on my whmcs under annoucements that said WHMCS its me melvin. Now if I did not have access to that whmcs how did i post that. I have had enough. All i was trying to do is change my password. Whmcs staff wanted me to allow access to ips. Well I am sorry - My admin area has a file that only allows access from one ip mine.
All i am trying to do is pay my bill to whmcs. If I can not get access to my account by time it is do. Than You as whmce can shut it down. I will use my back up billing I already have. I have never had as much trouble trying to pay a bill to a company before.
If anyone from whmcs wants to resolve this before they lose a customer Contact me

[stuartmacfarlane]

Melvin,

WHMCS are being cautious after recent events.. Personally I think they are doing a great job and all these extra security checks are there to protect people like you and me even if they do cause a pain in the ass...

If they are asking you to provide such access it means they want to be 100% sure you are who you say you are before they reset any account credentails.

[Stream101]

I think the other way that is implied, though not clearly in what you quoted from Lawrence, is that if you log into your account on WHMCS and reply to your support ticket through their WHMCS interface, you would in effect be verifying you are the owner... correct me if I'm wrong WHMCS team, but if the user has reset the password on their account (as was required for all WHMCS accounts last week) then they have reset the password and changed the password which means the leaked data is no longer quite as useful (for logging in anyway).

True, but if a user had the same email password as a server login the client's email could've been compromised as well. Or if the client reset the password to the same password.

I have no problem setting up a temporary admin account, which I have setup now but "disabled".

[EhsanCh]

As WHMCS expird all customer passwords , so a working password for whmcs.com client area is enuagh for verifyning customer ! if it is unsecure so all of our whmcses is unsecure too.

[John]

@EhsanCh: The issue here isn't client who are logged in to the client area, it's clients who don't know their login details.

[Nathanael]

Just make a screencast login in your whmcs installation and send them the link, that should be enough.

[supernix]

You could always setup GPGP and transfer the information that way so it is encrypted.