Results 1 to 15 of 15
-
10-05-2011, 09:51 AM #1Web Hosting Master
- Join Date
- May 2010
- Location
- Bhakkar
- Posts
- 1,592
Is it secure to install whmcs through autoinstallers?
I want to know that is it secure to install whmcs through aut installers such like fantastico etc..
I am asking because I have experienced that the installation through softacoulus got hacked while manual installation was safe. There may be any hole instead of this point but it may be. So, what do you suggest manual installation or automatic.██ HostinPK.com
██ [US/UK] Shared Hosting, Reseller Hosting, VPS Hosting
██ cPanel/CWP | Softaculous | WHMCS | Dedicated IP | SSL
██ We accept PayPal, 2checkout, Credit Cards, and Bank payments
-
10-05-2011, 10:01 AM #2Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
I dont see how this is exactly possible, Please share more details...
I think WHMCS should release more security information and guidance on best pratice on how to host WHMCS for extra security, It will certainly help those who put their WHMCS installation on a $1/Month shared cPanel account!UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
10-05-2011, 10:04 AM #3Web Hosting Master
- Join Date
- May 2010
- Location
- Bhakkar
- Posts
- 1,592
██ HostinPK.com
██ [US/UK] Shared Hosting, Reseller Hosting, VPS Hosting
██ cPanel/CWP | Softaculous | WHMCS | Dedicated IP | SSL
██ We accept PayPal, 2checkout, Credit Cards, and Bank payments
-
10-05-2011, 10:36 AM #4Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
Chances are the WHMCS installation would of been "hacked" in the first place, Many times its not actually WHMCS been "hacked" but rather your hosting account, etc
WHMCS is extremely secure if installed correctly this includes following the extra security tips on the WHMCS site: http://docs.whmcs.com/Further_Security_Steps
You can also add an extra layer of login security for your admin area by adding .htaccess/.htpasswd protection to your "admin" folder for WHMCS. (Remember to put the .htpasswd file outside the public_html directory/ Also remember not to use the same password that you use for the actual WHMCS admin login)Last edited by Server Management; 10-05-2011 at 10:41 AM.
UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
10-05-2011, 11:11 AM #5
Also, what other factors were involved? Did the WHMCS that was installed by an autoinstaller also have WordPress or something similar installed that had a plugin with a security flaw which allowed the hack?
I don't think the fact that it was installed using an autoinstaller would automatically explain the reason why it was hacked.SimpleSonic - We Make Fast... Easy!
US/UK/MY - 100% Uptime - Shared - Reseller - cPanel - DirectAdmin - WHMCS Included!
Blazing Fast NVMe SSD - CloudLinux - Imunify360 - LiteSpeed - MailChannels - JetBackup
-
10-05-2011, 11:17 AM #6Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
Exactly, What softaculous and the likes install is the same more or less as if you would manually install it file wise, of course you still need to do some manual work on WHMCS if installed by an auto-installer such as the extra security tips as outlined by WHMCS, Everyone should apply them tips though TBH.
UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
10-05-2011, 09:45 PM #7Web Hosting Master
- Join Date
- May 2010
- Location
- Bhakkar
- Posts
- 1,592
I applied all further security tips given by whmcs at http://docs.whmcs.com/Further_Security_Steps but still it was hacked. I was not using any wordpress or something else installation with it.
██ HostinPK.com
██ [US/UK] Shared Hosting, Reseller Hosting, VPS Hosting
██ cPanel/CWP | Softaculous | WHMCS | Dedicated IP | SSL
██ We accept PayPal, 2checkout, Credit Cards, and Bank payments
-
10-06-2011, 03:27 AM #8Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
-
10-06-2011, 11:11 AM #9Web Hosting Master
- Join Date
- May 2010
- Location
- Bhakkar
- Posts
- 1,592
The hacker did not do anything and emailed me that he has hacked whmcs. He said that I will not do anything but your security is poor and I can hack again.
██ HostinPK.com
██ [US/UK] Shared Hosting, Reseller Hosting, VPS Hosting
██ cPanel/CWP | Softaculous | WHMCS | Dedicated IP | SSL
██ We accept PayPal, 2checkout, Credit Cards, and Bank payments
-
10-06-2011, 11:18 AM #10Web Hosting Master
- Join Date
- Jul 2011
- Posts
- 2,636
this thing was happens to my client site on phpbb forum, and installation was made by auto installer, not sure about Whmcs!!!!
there was a rumor that, a sudia arbian hacker can hack any type of WHMCS,s on all servers. some was hacked and there admin panel screen shorts were shared on a hacking forum too. I was surprised to see that!☆☆ RoyalNode Web Hosting☆☆ In Business Since 2018 (3 Years)
►►Los Angeles CA USA, Oregon Seattle USA, Canada, Amsterdam NL EU based Shared and Reseller Web Hosting◄◄
►►Affordable Managed SSD VPS and Managed Dedicated Server Provider◄◄
-
10-06-2011, 04:30 PM #11Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
Sounds like a bluff to me, Why go to the effort of hacking your WHMCS installation and not doing anything to it?
The whole point of hacking is to gain unauthorised access to ones system to cause mayhem not to email you and say "Hey, I went to all that effort over peanuts but your security is crap"
Which verison of WHMCS was it as their was a security patch released for WHMCS a while back.UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
10-16-2011, 09:46 PM #12Web Hosting Master
- Join Date
- Jan 2006
- Location
- India
- Posts
- 637
Take a look at http://www.webhostingtalk.com/showthread.php?p=7745308
-
10-16-2011, 09:49 PM #13Web Hosting Master
- Join Date
- May 2010
- Location
- Bhakkar
- Posts
- 1,592
██ HostinPK.com
██ [US/UK] Shared Hosting, Reseller Hosting, VPS Hosting
██ cPanel/CWP | Softaculous | WHMCS | Dedicated IP | SSL
██ We accept PayPal, 2checkout, Credit Cards, and Bank payments
-
10-17-2011, 08:15 AM #14
-
10-17-2011, 08:30 AM #15Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
Similar Threads
-
WHMCS Integration - WHMCS Services- WHMCS Install - WHMCS Upgrade- WHMCSconfiguration
By Dustin B Cisneros in forum Design OffersReplies: 0Last Post: 11-12-2010, 08:26 PM -
WHMCS INTEGRATION - WHMCS SERVICES - WHMCS CONFIGURATION - WHMCS INSTALL/UPGRADE
By Dustin B Cisneros in forum Design OffersReplies: 3Last Post: 10-28-2010, 01:15 PM -
WHMCS Integration - WHMCS Configuration - WHMCS Upgrade - WHMCS Install
By Dustin B Cisneros in forum Design OffersReplies: 0Last Post: 10-10-2010, 01:37 PM -
whmcs integration - whmcs install - whmcs upgrade - whmcs configuration
By Dustin B Cisneros in forum Design OffersReplies: 4Last Post: 05-24-2010, 12:30 AM -
WHMCS Configuration, Install, Secure & Upgrade Service
By GigeWeb in forum Other Web Hosting Related OffersReplies: 0Last Post: 03-16-2010, 11:16 AM