hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Software and Control Panels : Which WHMCS version to use? (Security Wise)
Reply

Forum Jump

Which WHMCS version to use? (Security Wise)

Reply Post New Thread In Hosting Software and Control Panels Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 03-02-2012, 09:09 AM
MrEliasen MrEliasen is offline
WHT Addict
 
Join Date: Aug 2011
Location: Denmark
Posts: 107

Which WHMCS version to use? (Security Wise)


Hi WHT

I see a lot of hosts still using version 4x of WHMCS.
Is this because of the 4.x being more secure or just in terms of "don't fix what ain't broken"?

If I would install WHMCS on my server, which version would you recommend installing?
I would normally install the latest version without question, but I just need to make sure it's the same thing here.

Thanks!

__________________
"Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein



Sponsored Links
  #2  
Old 03-02-2012, 10:13 AM
TheSimpleHost-Nathan TheSimpleHost-Nathan is offline
The Webhost
 
Join Date: Jun 2008
Location: London, UK
Posts: 928
Use the latest version. 5 is fine and I'm guessing most people don't see the point in upgrading (effort).

If you want to stick with 4.x make sure you apply all security patches that are released.

__________________
The Simple Host Ltd - Premium Quality European Web Hosting - Uptime Stats
Shared, Reseller, VPS & Dedicated Hosting
15-Day Money Back Guarantee, Nightly Backups, Installatron, Softaculous, RVSiteBuilder PRO, Instant Setup - All as standard!
Call (+44) 0845 300 9066 for more information.

  #3  
Old 03-02-2012, 10:16 AM
MrEliasen MrEliasen is offline
WHT Addict
 
Join Date: Aug 2011
Location: Denmark
Posts: 107
Alright, I just had a test version of WHMCS up and running only vanilla install of the latest 5 verson, and it was hacked. I am checking with the provider to see if attack was from somewhere else on the server rather than WHMCS exploit as I am currently on a shared server.

If it was my WHMCS, then I'll post it to WHMCS.

Thanks for your help though

__________________
"Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein

Sponsored Links
  #4  
Old 03-02-2012, 10:18 AM
LVPSHosting LVPSHosting is offline
Web Hosting Master
 
Join Date: Sep 2009
Posts: 1,579
WHMCS 5 works excellent.

__________________
LVPSHosting.com|Virtual Private Servers|Dedicated Servers|
Managed Hosting Solution|24/7/365 Support
Datacentar and servers location: Holland, Europe

  #5  
Old 03-02-2012, 12:08 PM
Patrick Patrick is offline
Security Ninja
 
Join Date: Mar 2003
Location: Canada
Posts: 8,607
The latest version is obviously the best version to use based on the amount of new features, bugs fixed, etc. I believe the last security flaw existed in version 4, so it makes no sense to even use it.

__________________
Patrick William | Rack911 Research Labs | Software Security Auditing
250+ Vulnerabilities Found - Get a quote on a professional audit @ Rack911.com

www.HostingSecList.com - Security notices for the hosting community.

  #6  
Old 03-02-2012, 12:13 PM
MrEliasen MrEliasen is offline
WHT Addict
 
Join Date: Aug 2011
Location: Denmark
Posts: 107
That was my thought as well Patrick.
Like I said in my previous post, I my WHMCS 5 version was hacked. I am still working with my provider to find out how the attack happened.

I cannot at this point say if it was through a vulnerability in WHMCS or through some server software or like.

My website was only running WHMCS and 1 static website with a few lines of HTML.

Once I learn more about this, I'll post it here.

__________________
"Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein

  #7  
Old 03-02-2012, 12:41 PM
hostfeat hostfeat is offline
Disabled
 
Join Date: Jan 2011
Location: St Catharines
Posts: 68
You should always use the latest version but it's better to configure the WHMCS for further security :
http://docs.whmcs.com/Further_Security_Steps

  #8  
Old 03-02-2012, 12:46 PM
MrEliasen MrEliasen is offline
WHT Addict
 
Join Date: Aug 2011
Location: Denmark
Posts: 107
Quote:
Originally Posted by hostfeat View Post
You should always use the latest version but it's better to configure the WHMCS for further security :
http://docs.whmcs.com/Further_Security_Steps
I did it all, and I did use the latest version, this is what got me worried.

__________________
"Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein

  #9  
Old 03-02-2012, 01:18 PM
hostfeat hostfeat is offline
Disabled
 
Join Date: Jan 2011
Location: St Catharines
Posts: 68
Quote:
Originally Posted by MrEliasen View Post
I did it all
So you shouldn't be worry! ..
One more Step: Put Directory password on your admin area!.

  #10  
Old 03-02-2012, 01:25 PM
MrEliasen MrEliasen is offline
WHT Addict
 
Join Date: Aug 2011
Location: Denmark
Posts: 107
Quote:
Originally Posted by hostfeat View Post
So you shouldn't be worry! ..
One more Step: Put Directory password on your admin area!.
It's just that I have nothing else that WHMCS and my static front page with is a logo and 2 lines of text, so the attach must have been with WHMCS I'd guess.

However I have not heard anything from my provider so I will not conclude anything just yet.

Yea I did not have password protection on my admin area.
The domain I had WHMCS on was about 7 days old, so I'm gussing it must be a bot which did the stuff to the WHMCS/Website, via a "common" exploit.

I'll let you know once I know more.

__________________
"Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein

  #11  
Old 03-02-2012, 01:28 PM
Kevin K Kevin K is offline
Corporate Member
 
Join Date: Dec 2005
Location: I'm Lost...Help
Posts: 879
Quote:
Originally Posted by MrEliasen View Post
It's just that I have nothing else that WHMCS and my static front page with is a logo and 2 lines of text, so the attach must have been with WHMCS I'd guess.

However I have not heard anything from my provider so I will not conclude anything just yet.

Yea I did not have password protection on my admin area.
The domain I had WHMCS on was about 7 days old, so I'm gussing it must be a bot which did the stuff to the WHMCS/Website, via a "common" exploit.

I'll let you know once I know more.
Are you running the 5.0.3 version or and earlier version of 5.0? If you are running anything earlier than 5.0.3 there is a security patch that needs to be applied. You can find it at http://forum.whmcs.com/showthread.php?t=43462.

My guess it you might have gotten hacked by this common exploit that they did patch up.

__________________
Kevin Kopp - MonsterMegs Business Class Hosting Services
LiteSpeed Powered Shared, Reseller, and Enterprise Hosting Solutions
US & EU Hosting :: [US] PhoenixNAP | [NL] EvoSwitch Datacenters
Email Our Sales Representatives: Click Here

  #12  
Old 03-02-2012, 01:33 PM
MrEliasen MrEliasen is offline
WHT Addict
 
Join Date: Aug 2011
Location: Denmark
Posts: 107
The WHMCS I had installed was the newest I downloaded about 5 days ago, so I am quite sure, but just to make sure I'll give the version a look Just to make 100% sure .

I hope I have an earlier version installed, but I don't think I do.

__________________
"Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein

  #13  
Old 03-02-2012, 01:37 PM
Kevin K Kevin K is offline
Corporate Member
 
Join Date: Dec 2005
Location: I'm Lost...Help
Posts: 879
IF you downloaded it a few days ago, then it should be the 5.0.3. Hopefully your host will have some insight into what happened.

You might also what to contact WHMCS and see if they will look into it. You never know when new exploits may pop up and WHMCS should definitely be made aware of this, just in case.

As always there are other factors that could effect this, like poor passwords, improper permissions, or security issues on the server itself.

__________________
Kevin Kopp - MonsterMegs Business Class Hosting Services
LiteSpeed Powered Shared, Reseller, and Enterprise Hosting Solutions
US & EU Hosting :: [US] PhoenixNAP | [NL] EvoSwitch Datacenters
Email Our Sales Representatives: Click Here

  #14  
Old 03-02-2012, 01:42 PM
MrEliasen MrEliasen is offline
WHT Addict
 
Join Date: Aug 2011
Location: Denmark
Posts: 107
I will indeed make WHMCS aware of it if it turns out to be coming from WHMCS.

I am still awaiting the investigation report from my provider, once I know what happened, I'll post it here (unless I deem that it would pose a thread to other WHMCS installations) and report to WHMCS.

__________________
"Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein

  #15  
Old 03-02-2012, 01:47 PM
hostfeat hostfeat is offline
Disabled
 
Join Date: Jan 2011
Location: St Catharines
Posts: 68
I believe it should be some problem with your provider or you have Trojan installed on your PC .
See your latest visits log, download your apache log under your hosting CP, and also see your admin log plus activity log under WHMCS, if your WHMCS got compromised you should be able to find hacker's IP else your server has been hacked.

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Whois the best shared host (security wise) extras Web Hosting 14 02-12-2007 06:47 PM
security and version checks. ethereality Programming Discussion 10 07-24-2005 10:30 AM
What is better security wise : a well modded windows+firewall or a linux :x coreshell Hosting Security and Technology 4 10-06-2004 01:54 AM
Godaddy or NameCheap security wise? GeorgeC Domain Names 8 05-07-2004 01:13 PM
Any simple thinks I should be aware of? (security wise) Volconvo Hosting Security and Technology 3 09-09-2003 01:22 PM

Related posts from TheWhir.com
Title Type Date Posted
WHMCS Security Issue Allows for Information Disclosure Web Hosting News 2013-10-25 09:30:46
WHMCS Releases Patch to Address Critical Security Issue Web Hosting News 2013-10-04 16:12:43
WHMCS Integrates eNom New TLD Portal Web Hosting News 2013-04-04 16:44:38
WHMCS Releases Version 5.2 of Web Hosting Billing Solution Web Hosting News 2013-04-14 22:35:37
New BackupAgent Version Simplifies Channel Delivery of Cloud Backup Solution Web Hosting News 2012-06-26 16:57:11


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?