hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Software and Control Panels : Is it secure to install whmcs through autoinstallers?
Reply

Forum Jump

Is it secure to install whmcs through autoinstallers?

Reply Post New Thread In Hosting Software and Control Panels Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
Reseller Specialist
 
Join Date: May 2010
Location: Planet Earth
Posts: 1,588
Question

Is it secure to install whmcs through autoinstallers?


I want to know that is it secure to install whmcs through aut installers such like fantastico etc..
I am asking because I have experienced that the installation through softacoulus got hacked while manual installation was safe. There may be any hole instead of this point but it may be. So, what do you suggest manual installation or automatic.

__________________
Modelwebhost.com
[US/UK] Shared Hosting, Reseller Hosting, Master Reseller Hosting
WHMReseller | Softaculous | WHMCS | Dedicated IP | SSL
We accept Paypal, 2checkout, Credit Cards, Payza, OKPAY and Bank payments



Sponsored Links
  #2  
Old
Web Hosting Master
 
Join Date: Nov 2009
Location: /etc/my.cnf
Posts: 9,464
Quote:
Originally Posted by jamshed_11946 View Post
I am asking because I have experienced that the installation through softacoulus got hacked while manual installation was safe.
I dont see how this is exactly possible, Please share more details...

I think WHMCS should release more security information and guidance on best pratice on how to host WHMCS for extra security, It will certainly help those who put their WHMCS installation on a $1/Month shared cPanel account!

__________________
LeapHost High Performance Wordpress & Magento Hosting Powered By Litespeed
Fast Dedicated Servers | Uptime Cloud Monitoring | Proactive Server Management
24/7 Ticket > Phone > Live Chat Support | Fancy An Offer > Visit Our LH Specials


  #3  
Old
Reseller Specialist
 
Join Date: May 2010
Location: Planet Earth
Posts: 1,588
Arrow

Quote:
Originally Posted by cd/home View Post
I dont see how this is exactly possible, Please share more details...

I think WHMCS should release more security information and guidance on best pratice on how to host WHMCS for extra security...
Don't know what exactly happened but whmcs installed on a domain through auto installer got hacked while on other domain, I installed manually and worked fine. So, is there something wrong with auto installation??

__________________
Modelwebhost.com
[US/UK] Shared Hosting, Reseller Hosting, Master Reseller Hosting
WHMReseller | Softaculous | WHMCS | Dedicated IP | SSL
We accept Paypal, 2checkout, Credit Cards, Payza, OKPAY and Bank payments

Sponsored Links
  #4  
Old
Web Hosting Master
 
Join Date: Nov 2009
Location: /etc/my.cnf
Posts: 9,464
Quote:
Originally Posted by jamshed_11946 View Post
Don't know what exactly happened but whmcs installed on a domain through auto installer got hacked while on other domain, I installed manually and worked fine. So, is there something wrong with auto installation??
Chances are the WHMCS installation would of been "hacked" in the first place, Many times its not actually WHMCS been "hacked" but rather your hosting account, etc

WHMCS is extremely secure if installed correctly this includes following the extra security tips on the WHMCS site: http://docs.whmcs.com/Further_Security_Steps

You can also add an extra layer of login security for your admin area by adding .htaccess/.htpasswd protection to your "admin" folder for WHMCS. (Remember to put the .htpasswd file outside the public_html directory/ Also remember not to use the same password that you use for the actual WHMCS admin login)

__________________
LeapHost High Performance Wordpress & Magento Hosting Powered By Litespeed
Fast Dedicated Servers | Uptime Cloud Monitoring | Proactive Server Management
24/7 Ticket > Phone > Live Chat Support | Fancy An Offer > Visit Our LH Specials



Last edited by cd/home; 10-05-2011 at 10:41 AM.
  #5  
Old
Making Reliable Affordable
 
Join Date: Aug 2009
Location: Metro Detroit Area
Posts: 1,401
Quote:
Originally Posted by cd/home View Post
Chances are the WHMCS installation would of been "hacked" in the first place, Many times its not actually WHMCS been "hacked" but rather your hosting account, etc

WHMCS is extremely secure if installed correctly this includes following the extra security tips on the WHMCS site: http://docs.whmcs.com/Further_Security_Steps

You can also add an extra layer of login security for your admin area by adding .htaccess/.htpasswd protection to your "admin" folder for WHMCS. (Remember to put the .htpasswd file outside the public_html directory/ Also remember not to use the same password that you use for the actual WHMCS admin login)
Also, what other factors were involved? Did the WHMCS that was installed by an autoinstaller also have WordPress or something similar installed that had a plugin with a security flaw which allowed the hack?

I don't think the fact that it was installed using an autoinstaller would automatically explain the reason why it was hacked.

__________________
HostMantis Affordable Web Hosting
Shared Reseller VPS Dedicated 24/7/365 Support Instant Activation
CloudLinux CloudFlare Softaculous Premium Multi PHP cPanel
Also offering Windows Hosting with ASP.NET Multi PHP MSSQL Plesk

  #6  
Old
Web Hosting Master
 
Join Date: Nov 2009
Location: /etc/my.cnf
Posts: 9,464
Quote:
Originally Posted by HostMantis View Post
I don't think the fact that it was installed using an autoinstaller would automatically explain the reason why it was hacked.
Exactly, What softaculous and the likes install is the same more or less as if you would manually install it file wise, of course you still need to do some manual work on WHMCS if installed by an auto-installer such as the extra security tips as outlined by WHMCS, Everyone should apply them tips though TBH.

__________________
LeapHost High Performance Wordpress & Magento Hosting Powered By Litespeed
Fast Dedicated Servers | Uptime Cloud Monitoring | Proactive Server Management
24/7 Ticket > Phone > Live Chat Support | Fancy An Offer > Visit Our LH Specials


  #7  
Old
Reseller Specialist
 
Join Date: May 2010
Location: Planet Earth
Posts: 1,588
I applied all further security tips given by whmcs at http://docs.whmcs.com/Further_Security_Steps but still it was hacked. I was not using any wordpress or something else installation with it.

__________________
Modelwebhost.com
[US/UK] Shared Hosting, Reseller Hosting, Master Reseller Hosting
WHMReseller | Softaculous | WHMCS | Dedicated IP | SSL
We accept Paypal, 2checkout, Credit Cards, Payza, OKPAY and Bank payments

  #8  
Old
Web Hosting Master
 
Join Date: Nov 2009
Location: /etc/my.cnf
Posts: 9,464
Quote:
Originally Posted by jamshed_11946 View Post
I applied all further security tips given by whmcs at http://docs.whmcs.com/Further_Security_Steps but still it was hacked. I was not using any wordpress or something else installation with it.
How do you know WHMCS was hacked and it wasnt your hosting account or even the server as a whole that got rooted?

__________________
LeapHost High Performance Wordpress & Magento Hosting Powered By Litespeed
Fast Dedicated Servers | Uptime Cloud Monitoring | Proactive Server Management
24/7 Ticket > Phone > Live Chat Support | Fancy An Offer > Visit Our LH Specials


  #9  
Old
Reseller Specialist
 
Join Date: May 2010
Location: Planet Earth
Posts: 1,588
The hacker did not do anything and emailed me that he has hacked whmcs. He said that I will not do anything but your security is poor and I can hack again.

__________________
Modelwebhost.com
[US/UK] Shared Hosting, Reseller Hosting, Master Reseller Hosting
WHMReseller | Softaculous | WHMCS | Dedicated IP | SSL
We accept Paypal, 2checkout, Credit Cards, Payza, OKPAY and Bank payments

  #10  
Old
Web Hosting Master
 
Join Date: Jul 2011
Posts: 2,440
this thing was happens to my client site on phpbb forum, and installation was made by auto installer, not sure about Whmcs!!!!
there was a rumor that, a sudia arbian hacker can hack any type of WHMCS,s on all servers. some was hacked and there admin panel screen shorts were shared on a hacking forum too. I was surprised to see that!

__________________
Askforhost Web Hosting
Buffalo NY USA, Dallas USA, Amsterdam NL EU based Shared and Reseller Web Hosting
Affordable VPS and Dedicated Server Provider

  #11  
Old
Web Hosting Master
 
Join Date: Nov 2009
Location: /etc/my.cnf
Posts: 9,464
Quote:
Originally Posted by jamshed_11946 View Post
The hacker did not do anything and emailed me that he has hacked whmcs. He said that I will not do anything but your security is poor and I can hack again.
Sounds like a bluff to me, Why go to the effort of hacking your WHMCS installation and not doing anything to it?

The whole point of hacking is to gain unauthorised access to ones system to cause mayhem not to email you and say "Hey, I went to all that effort over peanuts but your security is crap"

Which verison of WHMCS was it as their was a security patch released for WHMCS a while back.

__________________
LeapHost High Performance Wordpress & Magento Hosting Powered By Litespeed
Fast Dedicated Servers | Uptime Cloud Monitoring | Proactive Server Management
24/7 Ticket > Phone > Live Chat Support | Fancy An Offer > Visit Our LH Specials


  #12  
Old
Web Hosting Evangelist
 
Join Date: Jan 2006
Location: India
Posts: 525

__________________
►ExpertWebHost.NET- Instant reliable CPanel hosting since 2008+
►Quality Shared, Reseller and SEO hosting
►Choose to host from US/Uk/Canada/Netherlands/Australia - 10 locations


  #13  
Old
Reseller Specialist
 
Join Date: May 2010
Location: Planet Earth
Posts: 1,588
Quote:
Originally Posted by ExpertWebHostNET View Post
Yes. I have patched already. Hope that the hole will be fixed in V5 release.

__________________
Modelwebhost.com
[US/UK] Shared Hosting, Reseller Hosting, Master Reseller Hosting
WHMReseller | Softaculous | WHMCS | Dedicated IP | SSL
We accept Paypal, 2checkout, Credit Cards, Payza, OKPAY and Bank payments

  #14  
Old
Community Leader
 
Join Date: Oct 2002
Location: Mayberry
Posts: 19,912
Quote:
Originally Posted by Askforhost Hosting View Post
there was a rumor that, a sudia arbian hacker can hack any type of WHMCS,s on all servers. some was hacked and there admin panel screen shorts were shared on a hacking forum too. I was surprised to see that!
So you didn't actually see that? If not, you're simply spreading FUD and should probably stop.
If you have anything to back that up, I'm sure we'd all love to see it.

__________________
Having problems, or maybe questions about WHT? Head over to the help desk!



  #15  
Old
Web Hosting Master
 
Join Date: Nov 2009
Location: /etc/my.cnf
Posts: 9,464
Quote:
Originally Posted by bear View Post
If you have anything to back that up, I'm sure we'd all love to see it.
Untill then ive just screenshot and printed this thread and wiped my **** with it, Thats how much its concerning me over my WHMCS installations

__________________
LeapHost High Performance Wordpress & Magento Hosting Powered By Litespeed
Fast Dedicated Servers | Uptime Cloud Monitoring | Proactive Server Management
24/7 Ticket > Phone > Live Chat Support | Fancy An Offer > Visit Our LH Specials


Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
WHMCS Integration - WHMCS Services- WHMCS Install - WHMCS Upgrade- WHMCSconfiguration Dustin Cisneros Design Offers 0 11-12-2010 08:26 PM
WHMCS INTEGRATION - WHMCS SERVICES - WHMCS CONFIGURATION - WHMCS INSTALL/UPGRADE Dustin Cisneros Design Offers 3 10-28-2010 01:15 PM
WHMCS Integration - WHMCS Configuration - WHMCS Upgrade - WHMCS Install Dustin Cisneros Design Offers 0 10-10-2010 01:37 PM
whmcs integration - whmcs install - whmcs upgrade - whmcs configuration Dustin Cisneros Design Offers 4 05-24-2010 12:30 AM
WHMCS Configuration, Install, Secure & Upgrade Service GigeWeb Other Web Hosting Related Offers 0 03-16-2010 11:16 AM

Related posts from TheWhir.com
Title Type Date Posted
WHMCS Encourages Users to Upgrade as Part of Important Security Update Web Hosting News 2014-08-27 12:05:55
OnApp Releases New WHMCS Module for Service Providers Web Hosting News 2014-01-21 14:04:13
WHMCS Security Issue Allows for Information Disclosure Web Hosting News 2013-10-25 09:30:46
WHMCS Releases Patch to Address Critical Security Issue Web Hosting News 2013-10-04 16:12:43
WHMCS Releases Version 5.2 of Web Hosting Billing Solution Web Hosting News 2013-04-14 22:35:37


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?