
My WHMCS was compromised. In a weird way.


DJFireCFH

So earlier today, our WHMCS was hacked by a client. They placed an order, paid for it, and then all of a sudden they are logged in on 3 different admins. How do I know this? By the client's IP address.

 

How is it possible for them to do something like this? They started placing all these orders, and then used the admins' accounts to approve the orders without paying for them, and what they ordered ended up costing us money in the long run, by ordering domains then approving them without being paid for, which processed through our registrars, which "submitted payment" for them.

 

How is something like that possible for someone to do? This same exact thing happened to one of our resellers as well. The "exact" same thing. Has anyone else seen something like this?

 

Is there also a way to "ban" a user through the WHMCS software (email, IP, etc.)? And is there some way, if it were to happen again and they logged in under an admin's name, to "kick or ban" them off if you see them on, other than changing the password? Because if they are on a page that "does NOT" refresh, they can read everything that is on that page and gather information.

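The IP correlation described in the post above (one client IP showing up on several admin logins) can be automated. This is an added example, not part of the original post and not WHMCS code; the record layout, field names and sample data are constructed assumptions, so map them to whatever your order and admin login exports actually contain.

```python
from collections import defaultdict

# Constructed sample records; field names are hypothetical, not WHMCS's schema.
CLIENT_ORDERS = [
    {"client_id": 101, "order_id": 5001, "ip": "203.0.113.45"},
    {"client_id": 101, "order_id": 5002, "ip": "203.0.113.45"},
    {"client_id": 102, "order_id": 5003, "ip": "198.51.100.7"},
]
ADMIN_LOGINS = [
    {"admin": "alice", "ip": "192.0.2.10", "time": "2024-01-05 09:00"},
    {"admin": "alice", "ip": "203.0.113.45", "time": "2024-01-05 14:02"},
    {"admin": "bob", "ip": "203.0.113.45", "time": "2024-01-05 14:03"},
    {"admin": "carol", "ip": "203.0.113.45", "time": "2024-01-05 14:05"},
    {"admin": "bob", "ip": "192.0.2.11", "time": "2024-01-05 08:30"},
]


def correlate(orders, admin_logins):
    """Return one finding per IP seen on both client orders and admin logins."""
    clients_by_ip = defaultdict(set)
    orders_by_ip = defaultdict(list)
    for order in orders:
        clients_by_ip[order["ip"]].add(order["client_id"])
        orders_by_ip[order["ip"]].append(order["order_id"])

    admins_by_ip = defaultdict(set)
    first_seen = {}
    for login in admin_logins:
        ip, when = login["ip"], login["time"]
        admins_by_ip[ip].add(login["admin"])
        # Timestamps are "YYYY-MM-DD HH:MM" strings, so string order is time order.
        first_seen[ip] = min(first_seen.get(ip, when), when)

    findings = []
    for ip in sorted(set(clients_by_ip) & set(admins_by_ip)):
        admins = sorted(admins_by_ip[ip])
        findings.append({
            "ip": ip,
            "clients": sorted(clients_by_ip[ip]),
            "orders": sorted(orders_by_ip[ip]),
            "admins": admins,
            "first_admin_login": first_seen[ip],
            # More than one admin account from a client IP is the pattern in the post.
            "severity": "high" if len(admins) > 1 else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(CLIENT_ORDERS, ADMIN_LOGINS):
        print(finding)
```

Orders placed from a flagged IP after `first_admin_login` are the ones to check for approval without payment.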

When security issues are discovered within the software, a patch is released and clients of WHMCS are notified. That's why it is best to always make sure you are up to date on patches, and on the latest version of the software, if at all possible. This is especially the case given the nature of what WHMCS does.


This same exact thing happened to one of our resellers as well. The "exact" same thing.

Were both on the same server?

changed admin folder, and a few other things.
Yes, we took those steps.

Based on the first comment, the security steps were done after the hack?
