Results 1 to 15 of 15
  1. #1
    Join Date
    May 2010
    Location
    Planet Earth
    Posts
    1,589

    Question Is it secure to install whmcs through autoinstallers?

    I want to know that is it secure to install whmcs through aut installers such like fantastico etc..
    I am asking because I have experienced that the installation through softacoulus got hacked while manual installation was safe. There may be any hole instead of this point but it may be. So, what do you suggest manual installation or automatic.
    Modelwebhost.com
    [US/UK] Shared Hosting, Reseller Hosting, Master Reseller Hosting
    WHMReseller | Softaculous | WHMCS | Dedicated IP | SSL
    We accept Paypal, 2checkout, Credit Cards, Payza, OKPAY and Bank payments

  2. #2
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    9,975
    Quote Originally Posted by jamshed_11946 View Post
    I am asking because I have experienced that the installation through softacoulus got hacked while manual installation was safe.
    I dont see how this is exactly possible, Please share more details...

    I think WHMCS should release more security information and guidance on best pratice on how to host WHMCS for extra security, It will certainly help those who put their WHMCS installation on a $1/Month shared cPanel account!

  3. #3
    Join Date
    May 2010
    Location
    Planet Earth
    Posts
    1,589

    Arrow

    Quote Originally Posted by cd/home View Post
    I dont see how this is exactly possible, Please share more details...

    I think WHMCS should release more security information and guidance on best pratice on how to host WHMCS for extra security...
    Don't know what exactly happened but whmcs installed on a domain through auto installer got hacked while on other domain, I installed manually and worked fine. So, is there something wrong with auto installation??
    Modelwebhost.com
    [US/UK] Shared Hosting, Reseller Hosting, Master Reseller Hosting
    WHMReseller | Softaculous | WHMCS | Dedicated IP | SSL
    We accept Paypal, 2checkout, Credit Cards, Payza, OKPAY and Bank payments

  4. #4
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    9,975
    Quote Originally Posted by jamshed_11946 View Post
    Don't know what exactly happened but whmcs installed on a domain through auto installer got hacked while on other domain, I installed manually and worked fine. So, is there something wrong with auto installation??
    Chances are the WHMCS installation would of been "hacked" in the first place, Many times its not actually WHMCS been "hacked" but rather your hosting account, etc

    WHMCS is extremely secure if installed correctly this includes following the extra security tips on the WHMCS site: http://docs.whmcs.com/Further_Security_Steps

    You can also add an extra layer of login security for your admin area by adding .htaccess/.htpasswd protection to your "admin" folder for WHMCS. (Remember to put the .htpasswd file outside the public_html directory/ Also remember not to use the same password that you use for the actual WHMCS admin login)
    Last edited by cd/home; 10-05-2011 at 10:41 AM.

  5. #5
    Join Date
    Aug 2009
    Location
    Metro Detroit Area
    Posts
    1,552
    Quote Originally Posted by cd/home View Post
    Chances are the WHMCS installation would of been "hacked" in the first place, Many times its not actually WHMCS been "hacked" but rather your hosting account, etc

    WHMCS is extremely secure if installed correctly this includes following the extra security tips on the WHMCS site: http://docs.whmcs.com/Further_Security_Steps

    You can also add an extra layer of login security for your admin area by adding .htaccess/.htpasswd protection to your "admin" folder for WHMCS. (Remember to put the .htpasswd file outside the public_html directory/ Also remember not to use the same password that you use for the actual WHMCS admin login)
    Also, what other factors were involved? Did the WHMCS that was installed by an autoinstaller also have WordPress or something similar installed that had a plugin with a security flaw which allowed the hack?

    I don't think the fact that it was installed using an autoinstaller would automatically explain the reason why it was hacked.
    HostMantis Affordable Web Hosting
    Shared Reseller VPS 24/7/365 Support Instant Activation
    CloudLinux CloudFlare Softaculous Premium Multi PHP cPanel
    Also offering Windows Hosting with Plesk 12 Multi PHP MSSQL ASP.NET

  6. #6
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    9,975
    Quote Originally Posted by HostMantis View Post
    I don't think the fact that it was installed using an autoinstaller would automatically explain the reason why it was hacked.
    Exactly, What softaculous and the likes install is the same more or less as if you would manually install it file wise, of course you still need to do some manual work on WHMCS if installed by an auto-installer such as the extra security tips as outlined by WHMCS, Everyone should apply them tips though TBH.

  7. #7
    Join Date
    May 2010
    Location
    Planet Earth
    Posts
    1,589
    I applied all further security tips given by whmcs at http://docs.whmcs.com/Further_Security_Steps but still it was hacked. I was not using any wordpress or something else installation with it.
    Modelwebhost.com
    [US/UK] Shared Hosting, Reseller Hosting, Master Reseller Hosting
    WHMReseller | Softaculous | WHMCS | Dedicated IP | SSL
    We accept Paypal, 2checkout, Credit Cards, Payza, OKPAY and Bank payments

  8. #8
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    9,975
    Quote Originally Posted by jamshed_11946 View Post
    I applied all further security tips given by whmcs at http://docs.whmcs.com/Further_Security_Steps but still it was hacked. I was not using any wordpress or something else installation with it.
    How do you know WHMCS was hacked and it wasnt your hosting account or even the server as a whole that got rooted?

  9. #9
    Join Date
    May 2010
    Location
    Planet Earth
    Posts
    1,589
    The hacker did not do anything and emailed me that he has hacked whmcs. He said that I will not do anything but your security is poor and I can hack again.
    Modelwebhost.com
    [US/UK] Shared Hosting, Reseller Hosting, Master Reseller Hosting
    WHMReseller | Softaculous | WHMCS | Dedicated IP | SSL
    We accept Paypal, 2checkout, Credit Cards, Payza, OKPAY and Bank payments

  10. #10
    this thing was happens to my client site on phpbb forum, and installation was made by auto installer, not sure about Whmcs!!!!
    there was a rumor that, a sudia arbian hacker can hack any type of WHMCS,s on all servers. some was hacked and there admin panel screen shorts were shared on a hacking forum too. I was surprised to see that!
    ☆☆ AskForHost Web Hosting☆☆
    ►►Buffalo NY USA, Dallas USA, Amsterdam NL EU, London UK EU based Shared and Reseller Web Hosting◄◄
    ►►
    Affordable VPS and Dedicated Server Provider◄◄

  11. #11
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    9,975
    Quote Originally Posted by jamshed_11946 View Post
    The hacker did not do anything and emailed me that he has hacked whmcs. He said that I will not do anything but your security is poor and I can hack again.
    Sounds like a bluff to me, Why go to the effort of hacking your WHMCS installation and not doing anything to it?

    The whole point of hacking is to gain unauthorised access to ones system to cause mayhem not to email you and say "Hey, I went to all that effort over peanuts but your security is crap"

    Which verison of WHMCS was it as their was a security patch released for WHMCS a while back.

  12. #12
    Join Date
    Jan 2006
    Location
    India
    Posts
    542
    ►ExpertWebHost.NET- Instant reliable CPanel hosting since 2008+
    ►Quality Shared, Reseller and VPS hosting
    ►Choose to host from US/Uk/Canada/Netherlands/Australia - 10 locations

  13. #13
    Join Date
    May 2010
    Location
    Planet Earth
    Posts
    1,589
    Quote Originally Posted by ExpertWebHostNET View Post
    Yes. I have patched already. Hope that the hole will be fixed in V5 release.
    Modelwebhost.com
    [US/UK] Shared Hosting, Reseller Hosting, Master Reseller Hosting
    WHMReseller | Softaculous | WHMCS | Dedicated IP | SSL
    We accept Paypal, 2checkout, Credit Cards, Payza, OKPAY and Bank payments

  14. #14
    Join Date
    Oct 2002
    Location
    Middle Dearth
    Posts
    21,257
    Quote Originally Posted by Askforhost Hosting View Post
    there was a rumor that, a sudia arbian hacker can hack any type of WHMCS,s on all servers. some was hacked and there admin panel screen shorts were shared on a hacking forum too. I was surprised to see that!
    So you didn't actually see that? If not, you're simply spreading FUD and should probably stop.
    If you have anything to back that up, I'm sure we'd all love to see it.
    Having problems, or maybe questions about WHT? Head over to the help desk!

  15. #15
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    9,975
    Quote Originally Posted by bear View Post
    If you have anything to back that up, I'm sure we'd all love to see it.
    Untill then ive just screenshot and printed this thread and wiped my **** with it, Thats how much its concerning me over my WHMCS installations

  16. Newsletters

    Subscribe Now & Get The WHT Quick Start Guide!

Similar Threads

  1. Replies: 0
    Last Post: 11-12-2010, 08:26 PM
  2. Replies: 3
    Last Post: 10-28-2010, 01:15 PM
  3. Replies: 0
    Last Post: 10-10-2010, 01:37 PM
  4. Replies: 4
    Last Post: 05-24-2010, 12:30 AM
  5. WHMCS Configuration, Install, Secure & Upgrade Service
    By GigeWeb in forum Other Web Hosting Related Offers
    Replies: 0
    Last Post: 03-16-2010, 11:16 AM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •