Jump to content
MDDHosting Forums

Updated WHMCS but its hacked

Recommended Posts

My whmcs, cpanel and WHM all hacked. These are all hacked already and i recovered them today morning, changed all the passwords of my emial accounts, hosting accounts, whmcs and all. Stored them inside Truecrypt Encrypted drive in my HDD

removed all traces of them online.

But just before 15 minutes WHMCS, Cpanel , WHM all are hacked again.

I dont know the reason, can any one help to prevent this from happening again?

https://hermes.supportedns.com:2083 is up ?

Link to comment
Share on other sites

i opened the ticket, still waiting for reply.

i downloaded the whmcs script given in "my services" tab in support section. I guess its the latest patch ?

There was a critical update that we emailed out to all customers on December 2nd, 2011 and we also posted it on our forums for any who may overlook the email (here).


If you didn't install this update it's likely the cause of your exploitation. What most do with this exploit is upload a file that allows them to upload more files/execute things/perform commands. Essentially they take over your WHMCS and your account and then do with it what they wish. Unfortunately cleaning something like this is outside of our scope and is a complicated process.


My personal advice in this case is to review the database to make sure no extraneous administrative users have been added, export the database, then clear the account and reinstall WHMCS from scratch (and any other software) and then reimport the database(s). Without doing this, or going file by file manually, it's nearly impossible to determine if the attacker has left a back-door in the account to get back in and re-compromise it.


I know from the ticket that we did run a malware scan on your account and identified/quarantined several shell/command scripts (i.e. hack tools) but that doesn't mean that we caught everything with the scan. The fresh start is the best idea but if you have the time, skill, and inclination you can review your files manually.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...