Web Hosting Talk : Web Hosting Main Forums : Hosting Software and Control Panels : Which WHMCS version to use? (Security Wise)

[MrEliasen]

Hi WHT

I see a lot of hosts still using version 4x of WHMCS.
Is this because of the 4.x being more secure or just in terms of "don't fix what ain't broken"?

If I would install WHMCS on my server, which version would you recommend installing?
I would normally install the latest version without question, but I just need to make sure it's the same thing here.

Thanks!

[TheSimpleHost-Nathan]

Use the latest version. 5 is fine and I'm guessing most people don't see the point in upgrading (effort).

If you want to stick with 4.x make sure you apply all security patches that are released.

[MrEliasen]

Alright, I just had a test version of WHMCS up and running only vanilla install of the latest 5 verson, and it was hacked. I am checking with the provider to see if attack was from somewhere else on the server rather than WHMCS exploit as I am currently on a shared server.

If it was my WHMCS, then I'll post it to WHMCS.

Thanks for your help though

[LVPSHosting]

WHMCS 5 works excellent.

[Patrick]

The latest version is obviously the best version to use based on the amount of new features, bugs fixed, etc. I believe the last security flaw existed in version 4, so it makes no sense to even use it.

[MrEliasen]

That was my thought as well Patrick.
Like I said in my previous post, I my WHMCS 5 version was hacked. I am still working with my provider to find out how the attack happened.

I cannot at this point say if it was through a vulnerability in WHMCS or through some server software or like.

My website was only running WHMCS and 1 static website with a few lines of HTML.

Once I learn more about this, I'll post it here.

[hostfeat]

You should always use the latest version but it's better to configure the WHMCS for further security :
http://docs.whmcs.com/Further_Security_Steps

[MrEliasen]

Quote:

Originally Posted by hostfeat

You should always use the latest version but it's better to configure the WHMCS for further security :
http://docs.whmcs.com/Further_Security_Steps

I did it all, and I did use the latest version, this is what got me worried.

[hostfeat]

Quote:

Originally Posted by MrEliasen

I did it all

So you shouldn't be worry! ..
One more Step: Put Directory password on your admin area!.

[MrEliasen]

Quote:

Originally Posted by hostfeat

So you shouldn't be worry! ..
One more Step: Put Directory password on your admin area!.

It's just that I have nothing else that WHMCS and my static front page with is a logo and 2 lines of text, so the attach must have been with WHMCS I'd guess.

However I have not heard anything from my provider so I will not conclude anything just yet.

Yea I did not have password protection on my admin area.
The domain I had WHMCS on was about 7 days old, so I'm gussing it must be a bot which did the stuff to the WHMCS/Website, via a "common" exploit.

I'll let you know once I know more.

[Kevin K]

Quote:

Originally Posted by MrEliasen

It's just that I have nothing else that WHMCS and my static front page with is a logo and 2 lines of text, so the attach must have been with WHMCS I'd guess.

However I have not heard anything from my provider so I will not conclude anything just yet.

Yea I did not have password protection on my admin area.
The domain I had WHMCS on was about 7 days old, so I'm gussing it must be a bot which did the stuff to the WHMCS/Website, via a "common" exploit.

I'll let you know once I know more.

Are you running the 5.0.3 version or and earlier version of 5.0? If you are running anything earlier than 5.0.3 there is a security patch that needs to be applied. You can find it at http://forum.whmcs.com/showthread.php?t=43462.

My guess it you might have gotten hacked by this common exploit that they did patch up.

[MrEliasen]

The WHMCS I had installed was the newest I downloaded about 5 days ago, so I am quite sure, but just to make sure I'll give the version a look Just to make 100% sure .

I hope I have an earlier version installed, but I don't think I do.

[Kevin K]

IF you downloaded it a few days ago, then it should be the 5.0.3. Hopefully your host will have some insight into what happened.

You might also what to contact WHMCS and see if they will look into it. You never know when new exploits may pop up and WHMCS should definitely be made aware of this, just in case.

As always there are other factors that could effect this, like poor passwords, improper permissions, or security issues on the server itself.

[MrEliasen]

I will indeed make WHMCS aware of it if it turns out to be coming from WHMCS.

I am still awaiting the investigation report from my provider, once I know what happened, I'll post it here (unless I deem that it would pose a thread to other WHMCS installations) and report to WHMCS.

[hostfeat]

I believe it should be some problem with your provider or you have Trojan installed on your PC .
See your latest visits log, download your apache log under your hosting CP, and also see your admin log plus activity log under WHMCS, if your WHMCS got compromised you should be able to find hacker's IP else your server has been hacked.