Over the last months, there has been a hacking attempt by someone (probably Indonesian, male) on our hosting management app. We are using WHMCS, and it looks like version 4 has some security holes: an SQL injection vulnerability, as explained well in this blog. It’s very easy to find WHMCS systems in the wild. Googling something like “Powered by WHMCompleteSolution” will do.
Our master cPanel password was changed, but we learned from the log that this guy never logged in, probably because the injection only changed the password and was not able to show it to him. We upgraded WHMCS to version 5, which is secured from SQL injection. But all the member passwords must be reset due to an incompatibility in the upgrader from the WHMCS team.
After zooming in on the log files, we can safely say that the guy didn’t do any damage. Moral of the story: don’t leave software un-upgraded for too long.