whmcs follow up whmcs被黑后续跟进

whmcs官方账号强制用户重置密码 https://www.whmcs.com/members/pwreset.php ,即使在whmcs被黑后重置过。
whmcs官方建议的whmcs安全设置 http://go.whmcs.com/22/security
1 重命名admin文件夹
2 基本配置whmcs安全设置
3 whmcs建议用密码或身份验证以保护admin文件夹的安全。

  1. Dear Customer,
  3. This is a follow up to the Urgent Security Alert email sent earlier this week. As you will be aware from that, we were the victim of a malicious attack which has resulted in our server being accessed, and our database being compromised.
  5. As a security precaution, we are expiring all passwords for our client area. In order to restore access to your account, please visit the following url to reset your password:
  6. https://www.whmcs.com/members/pwreset.php
  8. We have restored all essential services except for our forums, and resumed normal operations as quickly as possible in order to keep licensing and support channels open. We are still actively working to restore the forums, and we expect them to return to operation soon.
  10. A full security audit and hardening was undertaken immediately following the breach, and the site remains safe to use. It is important to note that the breach we experienced was the result of a social engineering attack, and not the result of a hack or a breach in the WHMCS software.
  12. We continue to experience a distributed denial of service attack, which has caused disruption to our public facing site. We are in the process of moving to a more expansive infrastructure which should mitigate this type of attack in the future. With this move, we will have a much stronger setup with additional layers of security, and these upgrades to our infrastructure will ultimately mean that our servers, and your data, will be better protected than ever before.
  14. Please be aware, that in order to deliver these security upgrades, we expect some very brief downtime during the migration process. We apologize in advance for any inconvenience this may cause.
  16. While we are all currently focused on security, we would like to take this opportunity to ask everyone to read our Security Guide @ http://go.whmcs.com/22/security
  18. While it would be ideal for all steps to be followed, we recommend that you at least rename (http://go.whmcs.com/23/securityfolder), and apply IP protection (http://go.whmcs.com/24/securityip) and/or password protection (http://go.whmcs.com/25/securityadmin) to the admin directory.
  20. We are continuing to work tirelessly to resume normal service and regain your trust. On behalf of everyone at WHMCS please accept my apologies for the inconvenience and we thank you for your support.
  22. ----
  23. Matt
  24. WHMCS Limited
  25. www.whmcs.com



  1. Urgent Security Alert - Please Do Not Ignore
  3. Unfortunately today we were the victim of a malicious social engineering attack which has resulted in our server being accessed, and our database being compromised.
  5. To clarify, this was no hack of the WHMCS software itself, nor a hack of our server.  It was through social engineering that the login details were obtained.
  7. As a result of this, we recommend that everybody change any passwords that they have ever used for our client area, or provided via support ticket to us, immediately.
  8. Regrettably as this was our billing system database, if you pay us by credit card (excluding PayPal) then your card details may also be at risk.
  10. This is just a very brief email to alert you of the situation, as we are currently working very hard to ensure everything is back online & functioning correctly, and I will be writing to you again shortly.
  12. We would like to offer our sincere apologies for any inconvenience caused. We appreciate your support, now more than ever in this challenging time.
  14. ----
  15. WHMCS Limited
  16. www.whmcs.com



  1. http://baiqiuyi.com/


  1. about:config
  2. 搜索browser.urlbar.trimURLs
  3. 然后双击把值设置为false


但是偶尔还会摔倒 – – 特别是拐弯的时候


  1. [root@Localhost]# mv /usr/local/directadmin/data/admin/show_all_users.cache /usr/local/directadmin/data/admin/show_all_users.cache_$(date +%Y%m%d)
  3. [root@Localhost]# echo "action=cache&value=showallusers" >> /usr/local/directadmin/data/task.queue
  5. [root@Localhost]# find /usr/local/directadmin/data/ -type f -name "users.list"
  6. /usr/local/directadmin/data/users/Your_Reseller_Name/users.list
  7. /usr/local/directadmin/data/users/admin/users.list
  9. # admin/users.list 为admin的reseller身份
  10. # Your_Reseller_Name/users.list 为普通的reseller身份
  11. # 小桥流水人家 baiqiuyi.com 小桥流水人家
  12. # 如果有两个相同的users.list在同一个用户名下 那么先备份,排查并且删掉一个。
  13. # 例如Your_Reseller_Name/users.list 与 Your_Reseller_Name/users.list.cache
  15. # 如果在同一个用户名下,仅有一个users.list,那么只需要删除users.list里的相同记录即可。
1 1