I'm looking for something more secure

[Schmarvin]

Lately, I've been having a lot of people breaking into my WHMCS. I know its not my server security, because they would have locked me out of my server.

So, is there any software that does the same as WHMCS but is more secure?

 

[jphilipson]

Well, how are they breaking in? Are they using a password or a script exploit. Check the access logs for the site to see what they are doing. Sounds like it may be password sniffing or malware - do you always access with a secure URL?

 

[eSupun]

WHMCS is a well built billing system which has a very good security compared to other billing scripts. So I can't recommend you another beyond WHMCS.

I am wondering how these hackers get in?
Probably you haven't tweaked WHMCS to avoid hackers. Also this may happen if you have an outdated version of WHMCS.

If neither of my suggestions are working for you, contact WHMCS support and describe your situation. Maybe they can help you.

But, Ah!
There is one another billing system which can be compared to WHMCS. It's name is ClientExec. You can give it a try if you decided not to be with WHMCS anymore.

 

[Schmarvin]

Well, how are they breaking in? Are they using a password or a script exploit. Check the access logs for the site to see what they are doing. Sounds like it may be password sniffing or malware - do you always access with a secure URL?

No external scripts were used. Access logs say a few breach attempts at brute entry. The IPs keep getting banned. There is no secure URL. As I have never needed one. None of the information is touched. :/ It seems someone just breaks in to change settings in the backend.

WHMCS is a well built billing system which has a very good security compared to other billing scripts. So I can't recommend you another beyond WHMCS.

I am wondering how these hackers get in?
Probably you haven't tweaked WHMCS to avoid hackers. Also this may happen if you have an outdated version of WHMCS.

If neither of my suggestions are working for you, contact WHMCS support and describe your situation. Maybe they can help you.

But, Ah!
There is one another billing system which can be compared to WHMCS. It's name is ClientExec. You can give it a try if you decided not to be with WHMCS anymore.

I will try to secure it again. But, I'm not sure what else to do. If all else fails, I may have to contact WHMCS directly. Also, I keep it up-to-date, so that should not be a problem. I try to keep on top of the situation. But, I guess since I've been away and without full contact to a computer daily, I probably need a better way of staying on top of security.

 

[Darknight]

for a start, SSL is needed when dealing with personal infomation.

 

[Schmarvin]

for a start, SSL is needed when dealing with personal infomation.

I'm not made of money, and I do not have a money tree. I'm running tight on budget right now. But, if you could find me a low-cost solution, that would be great.

 

[Tracker]

You can get ssl's cheap from various domain providers... I like namecheap myself but most places have them for around $10~

 

[Schmarvin]

Hm...I will look into it. Thank you.

 

[Eric_HE]

I'm surprised this issue,I agree that WHMCS is a well built billing system.With respect to ssl,I do not recommend it.As you mentioned brute entry,you can ban the IP if tried several attempts.

 

[ExpertWebHost]

You may try any billing system and if it is without SSL, most probably your login details will be sniffed and you are susceptible to a hack. As a host we must have SSL in place to get the best of security for ourselves and our customers personal information.

 

[WL-Michael]

You can get ssl's cheap from various domain providers... I like namecheap myself but most places have them for around $10~

I can also vouch for the Namecheap SSLs. Good stuff.

 

[Seanieb]

a verified non chained RapidSSL cert is $15-20 a year. Peace of mind for you and your customers is worth a lot more than that.

Better password practices wouldnt hurt either.

 

[HostPair]

Hi,

To increase your whmcs security rename your whmcs admin folder, then re-issue your license and use ssl.

 

[314Hosting]

Hi,

To increase your whmcs security rename your whmcs admin folder, then re-issue your license and use ssl.

Good idea, and this has also been suggested in the whmcs wiki at wiki.whmcs.com

 

[HL-Sean]

Did you try renaming your admin folder? The new WHMCS allows you to rename the admin folder.

 

[WebIntellects-R]

I doubt if you will be able to find something more secured.

 

[Hostrail-M]

Did you try renaming your admin folder? The new WHMCS allows you to rename the admin folder.

I do not think he has managed to rename that

 

[~ServerPoint~]

Lately, I've been having a lot of people breaking into my WHMCS. I know its not my server security, because they would have locked me out of my server.

I believe you need to use another pass only to be able to access there with more security.

 

[Schmarvin]

I believe you need to use another pass only to be able to access there with more security.

Think it could be the other administrator account?