Results 1 to 15 of 15
  1. #1
    Join Date
    May 2010
    Location
    Bhakkar
    Posts
    1,592

    Question Is it secure to install whmcs through autoinstallers?

    I want to know that is it secure to install whmcs through aut installers such like fantastico etc..
    I am asking because I have experienced that the installation through softacoulus got hacked while manual installation was safe. There may be any hole instead of this point but it may be. So, what do you suggest manual installation or automatic.
    HostinPK.com
    [US/UK] Shared Hosting, Reseller Hosting, VPS Hosting
    cPanel/CWP | Softaculous | WHMCS | Dedicated IP | SSL
    We accept PayPal, 2checkout, Credit Cards, and Bank payments

  2. #2
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by jamshed_11946 View Post
    I am asking because I have experienced that the installation through softacoulus got hacked while manual installation was safe.
    I dont see how this is exactly possible, Please share more details...

    I think WHMCS should release more security information and guidance on best pratice on how to host WHMCS for extra security, It will certainly help those who put their WHMCS installation on a $1/Month shared cPanel account!
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  3. #3
    Join Date
    May 2010
    Location
    Bhakkar
    Posts
    1,592

    Arrow

    Quote Originally Posted by cd/home View Post
    I dont see how this is exactly possible, Please share more details...

    I think WHMCS should release more security information and guidance on best pratice on how to host WHMCS for extra security...
    Don't know what exactly happened but whmcs installed on a domain through auto installer got hacked while on other domain, I installed manually and worked fine. So, is there something wrong with auto installation??
    HostinPK.com
    [US/UK] Shared Hosting, Reseller Hosting, VPS Hosting
    cPanel/CWP | Softaculous | WHMCS | Dedicated IP | SSL
    We accept PayPal, 2checkout, Credit Cards, and Bank payments

  4. #4
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by jamshed_11946 View Post
    Don't know what exactly happened but whmcs installed on a domain through auto installer got hacked while on other domain, I installed manually and worked fine. So, is there something wrong with auto installation??
    Chances are the WHMCS installation would of been "hacked" in the first place, Many times its not actually WHMCS been "hacked" but rather your hosting account, etc

    WHMCS is extremely secure if installed correctly this includes following the extra security tips on the WHMCS site: http://docs.whmcs.com/Further_Security_Steps

    You can also add an extra layer of login security for your admin area by adding .htaccess/.htpasswd protection to your "admin" folder for WHMCS. (Remember to put the .htpasswd file outside the public_html directory/ Also remember not to use the same password that you use for the actual WHMCS admin login)
    Last edited by Server Management; 10-05-2011 at 10:41 AM.
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  5. #5
    Join Date
    Aug 2009
    Location
    US/UK/MY
    Posts
    3,042
    Quote Originally Posted by cd/home View Post
    Chances are the WHMCS installation would of been "hacked" in the first place, Many times its not actually WHMCS been "hacked" but rather your hosting account, etc

    WHMCS is extremely secure if installed correctly this includes following the extra security tips on the WHMCS site: http://docs.whmcs.com/Further_Security_Steps

    You can also add an extra layer of login security for your admin area by adding .htaccess/.htpasswd protection to your "admin" folder for WHMCS. (Remember to put the .htpasswd file outside the public_html directory/ Also remember not to use the same password that you use for the actual WHMCS admin login)
    Also, what other factors were involved? Did the WHMCS that was installed by an autoinstaller also have WordPress or something similar installed that had a plugin with a security flaw which allowed the hack?

    I don't think the fact that it was installed using an autoinstaller would automatically explain the reason why it was hacked.
    SimpleSonic - We Make Fast... Easy!
    US/UK/MY - 100% Uptime - Shared - Reseller - cPanel - DirectAdmin - WHMCS Included!
    Blazing Fast NVMe SSD - CloudLinux - Imunify360 - LiteSpeed - MailChannels - JetBackup

  6. #6
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by HostMantis View Post
    I don't think the fact that it was installed using an autoinstaller would automatically explain the reason why it was hacked.
    Exactly, What softaculous and the likes install is the same more or less as if you would manually install it file wise, of course you still need to do some manual work on WHMCS if installed by an auto-installer such as the extra security tips as outlined by WHMCS, Everyone should apply them tips though TBH.
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  7. #7
    Join Date
    May 2010
    Location
    Bhakkar
    Posts
    1,592
    I applied all further security tips given by whmcs at http://docs.whmcs.com/Further_Security_Steps but still it was hacked. I was not using any wordpress or something else installation with it.
    HostinPK.com
    [US/UK] Shared Hosting, Reseller Hosting, VPS Hosting
    cPanel/CWP | Softaculous | WHMCS | Dedicated IP | SSL
    We accept PayPal, 2checkout, Credit Cards, and Bank payments

  8. #8
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by jamshed_11946 View Post
    I applied all further security tips given by whmcs at http://docs.whmcs.com/Further_Security_Steps but still it was hacked. I was not using any wordpress or something else installation with it.
    How do you know WHMCS was hacked and it wasnt your hosting account or even the server as a whole that got rooted?
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  9. #9
    Join Date
    May 2010
    Location
    Bhakkar
    Posts
    1,592
    The hacker did not do anything and emailed me that he has hacked whmcs. He said that I will not do anything but your security is poor and I can hack again.
    HostinPK.com
    [US/UK] Shared Hosting, Reseller Hosting, VPS Hosting
    cPanel/CWP | Softaculous | WHMCS | Dedicated IP | SSL
    We accept PayPal, 2checkout, Credit Cards, and Bank payments

  10. #10
    this thing was happens to my client site on phpbb forum, and installation was made by auto installer, not sure about Whmcs!!!!
    there was a rumor that, a sudia arbian hacker can hack any type of WHMCS,s on all servers. some was hacked and there admin panel screen shorts were shared on a hacking forum too. I was surprised to see that!
    ☆☆ RoyalNode Web Hosting☆☆ In Business Since 2018 (3 Years)
    ►►Los Angeles CA USA, Oregon Seattle USA, Canada, Amsterdam NL EU based Shared and Reseller Web Hosting◄◄
    ►►
    Affordable Managed SSD VPS and Managed Dedicated Server Provider◄◄

  11. #11
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by jamshed_11946 View Post
    The hacker did not do anything and emailed me that he has hacked whmcs. He said that I will not do anything but your security is poor and I can hack again.
    Sounds like a bluff to me, Why go to the effort of hacking your WHMCS installation and not doing anything to it?

    The whole point of hacking is to gain unauthorised access to ones system to cause mayhem not to email you and say "Hey, I went to all that effort over peanuts but your security is crap"

    Which verison of WHMCS was it as their was a security patch released for WHMCS a while back.
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  12. #12
    Join Date
    Jan 2006
    Location
    India
    Posts
    637
    ►ExpertWebHost.NET- Instant reliable hosting since 2008+
    ►Quality Shared, Reseller, SEO and VPS hosting
    ►Choose to host from US/Uk/Canada/Singapore/Netherlands/Australia - 10 locations

  13. #13
    Join Date
    May 2010
    Location
    Bhakkar
    Posts
    1,592
    Quote Originally Posted by ExpertWebHostNET View Post
    Yes. I have patched already. Hope that the hole will be fixed in V5 release.
    HostinPK.com
    [US/UK] Shared Hosting, Reseller Hosting, VPS Hosting
    cPanel/CWP | Softaculous | WHMCS | Dedicated IP | SSL
    We accept PayPal, 2checkout, Credit Cards, and Bank payments

  14. #14
    Join Date
    Oct 2002
    Location
    /roof/ledge
    Posts
    28,089
    Quote Originally Posted by Askforhost Hosting View Post
    there was a rumor that, a sudia arbian hacker can hack any type of WHMCS,s on all servers. some was hacked and there admin panel screen shorts were shared on a hacking forum too. I was surprised to see that!
    So you didn't actually see that? If not, you're simply spreading FUD and should probably stop.
    If you have anything to back that up, I'm sure we'd all love to see it.
    Your one stop shop for decentralization

  15. #15
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by bear View Post
    If you have anything to back that up, I'm sure we'd all love to see it.
    Untill then ive just screenshot and printed this thread and wiped my **** with it, Thats how much its concerning me over my WHMCS installations
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

Similar Threads

  1. Replies: 0
    Last Post: 11-12-2010, 08:26 PM
  2. Replies: 3
    Last Post: 10-28-2010, 01:15 PM
  3. Replies: 0
    Last Post: 10-10-2010, 01:37 PM
  4. Replies: 4
    Last Post: 05-24-2010, 12:30 AM
  5. WHMCS Configuration, Install, Secure & Upgrade Service
    By GigeWeb in forum Other Web Hosting Related Offers
    Replies: 0
    Last Post: 03-16-2010, 11:16 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •