• You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.

    Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"

hack whmcs v7

saadatidust

saadatidust

New member
Banned User
Apr 25, 2021
28
0
1
hi
I'm using a whmcs system that has null version 7.
A few days ago, a hacker hacked it and did whatever he wanted with the admin access level. And he put his PayPal address in the site and my customers unknowingly deposited money into his account. I deleted his username several times but it still comes up. I encrypted the login path to the admin page and even renamed it. I even changed the access login page of the admin page to my own IP, but it still has access to the admin panel.
I do not know where they get access to this password? Does he have access to CNN or whmcs himself ?? If it has access to whmcs then how can you edit the .htaccess file?
What is the way to remove his access?

Can you check the subject? I was really upset and could only get out of the way.
 
Firstly, Welcome to Babiato!
Your WHMCS script is only as secure as your server as both need to work in harmony.

You also need to look at upgrading to the lastest version to make sure there is no security issues with the script.

What is your server environment? Shared, VPS or Dedicated

Does the server have real-time antivirus and malware scanners?

Do the server have a firewall and modsecurity installed?

Where did you get the WHMCS from is it safe or does it have a backdoor?

These are the basics you need to ask yourself before you can really secure your WHMCS.
 
  • Like
Reactions: siriot
saadatidust said:
hi
I'm using a whmcs system that has null version 7.
A few days ago, a hacker hacked it and did whatever he wanted with the admin access level. And he put his PayPal address in the site and my customers unknowingly deposited money into his account. I deleted his username several times but it still comes up. I encrypted the login path to the admin page and even renamed it. I even changed the access login page of the admin page to my own IP, but it still has access to the admin panel.
I do not know where they get access to this password? Does he have access to CNN or whmcs himself ?? If it has access to whmcs then how can you edit the .htaccess file?
What is the way to remove his access?

Can you check the subject? I was really upset and could only get out of the way.
Click to expand...
Hello, if possible dm me, i may help you out with a possible solution, alternatively i recommend to update the whmcs version to the latest.
 
  • Like
Reactions: saadatidust
Bossmanuk said:
Firstly, Welcome to Babiato!
Your WHMCS script is only as secure as your server as both need to work in harmony.

You also need to look at upgrading to the lastest version to make sure there is no security issues with the script.

What is your server environment? Shared, VPS or Dedicated

Does the server have real-time antivirus and malware scanners?

Do the server have a firewall and modsecurity installed?

Where did you get the WHMCS from is it safe or does it have a backdoor?

These are the basics you need to ask yourself before you can really secure your WHMCS.
Click to expand...
Hello
The server has a firewall
Our hosting is shared
I downloaded and installed whmcs from Babiato.
 
The username he uses is exactly the same as my whmcs system admin username, with only one number added to the end.
Does he have access to C Panel or does he create this username via Sql injection?
 
saadatidust said:
The username he uses is exactly the same as my whmcs system admin username, with only one number added to the end.
Does he have access to C Panel or does he create this username via Sql injection?
Click to expand...


Good day

UPDATE​

UPDATE​

UPDATE​


All your systems.

WHMCS and any scripts are not updated to look cool.
They are because of security concerns.

The hacker, either knows a vulnerability in version 7 or your server is not up to date.

In any case, stop talking here and update your WHMCS to the latest version, then come back and talk for more help.

Cheers.
NoBs
 
saadatidust said:
Hello
The server has a firewall
Our hosting is shared
I downloaded and installed whmcs from Babiato.
Click to expand...
Update WHMCS to the latest version, then change all passwords on the server Cpanel including emails. Then scan the server with Clamav or maldetect if you don't know what they are please ask your hosting provider if they can install it on the server for you. Scan all directories and see if it detects any backdoors etc.
 
  • Like
Reactions: saadatidust
Exactly I doubt them too.
Friends, can you help me find a suitable feeling? Hosts that support DMCA?
 
First of all, If you are using it for service purpose, Then VPS or cloud is best option for any reputed company.
I am running my approx all website of AWS and Digital Ocean Droplet, It charged very less than any other hosting provider.
I have received several time promotional code.

In This case, It is SQL injection or access through your cpanel.
 
  • Like
Reactions: saadatidust
pateljee said:
First of all, If you are using it for service purpose, Then VPS or cloud is best option for any reputed company.
I am running my approx all website of AWS and Digital Ocean Droplet, It charged very less than any other hosting provider.
I have received several time promotional code.

In This case, It is SQL injection or access through your cpanel.
Click to expand...
How can I fix the problem?
 
C Panel has detected these files as malicious. How do I delete them? Should I delete them manually? ytrg.jpg
 
The hosting provider asked me to send them my last backup from last year so they could run it on another host for me.
The problem is that we new users are used to whmcs .. Can I restore the database backup on that new host after restoring old files so that my new users' information is not lost?
 
saadatidust said:
The hosting provider asked me to send them my last backup from last year so they could run it on another host for me.
The problem is that we new users are used to whmcs .. Can I restore the database backup on that new host after restoring old files so that my new users' information is not lost?
Click to expand...
Yes. You can use this backup.
 
You must log in or register to reply here.

Similar threads

999jh
Payment Gateway Charges For WHMCS - Not Null
Replies
0
Views
75
WHMCS Modules
999jh
999jh
afreena
Support Verification PIN For WHMCS
Replies
2
Views
152
WHMCS Modules
afreena
afreena
afreena
Binance Pay For WHMCS
Replies
0
Views
102
WHMCS Modules
afreena
afreena
afreena
WHMCS Nulled - Null any plugins themes yourself.
Replies
41
Views
2K
WHMCS Modules
hidromedusaK
H
AldmeriDominion
Shamsi date converter WHMCS module
Replies
2
Views
146
WHMCS Modules
afreena
afreena

Latest posts

Forum statistics

Threads
79,538
Messages
1,144,604
Members
249,803
Latest member
fluffmail

Share this page

Share this page
Top Bottom
Back
AdBlock Detected

We get it, advertisements are annoying!

However in order to keep our huge array of resources free of charge we need to generate income from ads so to use the site you will need to turn off your adblocker.

If you'd like to have an ad free experience you can become a Babiato Lover by donating as little as $5 per month. Click on the Donate menu tab for more info.

I've Disabled AdBlock