My WHM account access was stolen

rinrikun2021 · Aug 11, 2021

If my WHM account is stolen by someone else. Can they buy anything with my WHM access? Like buying extensions or licenses?

Thank you

arlindmurati · Aug 11, 2021

I'm not sure if I understood correctly, however if someone has your WHM access they shouldn't be able to buy something from the cPanel store as they would need your cPanel store logins, or they would require your login details for the billing platform of your host to do any harm.

cPRex · Aug 11, 2021

I agree with @arlindmurati1 - while having the WHM access stolen is never good, and would necessitate a migration to a new machine that is secure, they would not be able to make purchases without also having the cPanel store account.

arlindmurati · Aug 11, 2021

I agree with @cPRex a migration is an immediate action you should take, even better from an offsite backup, after restoring please make sure to change WordPress login details, database names, database users passwords, cPanel passwords, disable mysql remote connection etc..

rinrikun2021 · Aug 11, 2021

Hello, thank you all for your help

What if the WHM account is linked to the Cpanel Store account? Is it still possible?

cPRex · Aug 12, 2021

I suppose that could be an issue if they had already been linked before, but usually when you submit a support ticket it does ask you to log in again.

rinrikun2021 · Aug 12, 2021

So, all purchases must use the cpanel store website, right?

Is it possible to make a purchase on my domain or IP address?

My way to view connected accounts is using the "Manage External Authentications" menu, correct?

cPRex · Aug 13, 2021

All purchases do need to go through the cPanel store, whether that happens directly from the store URL or through the WHM interface.

I'd be much more concerned about the server being compromised and getting the data migrated than of a user making random purchases on your account.

"Manage External Authentications" is used for tools that are allowed to log in to your server. You can find more details on that here: Manage External Authentications | cPanel & WHM Documentation

rinrikun2021 · Aug 15, 2021

Thank you for your concern. But this is a server for learning. Even if the contents are damaged, it's not a problem.

Thread starter	Similar threads	Forum	Replies	Date
S	cPanel account virus penetration - whmcs? wordpress? How to manage customer accounts	Security	8	Jul 17, 2021
K	My WHM/cpanel account hacked? No access to root	Security	10	Mar 15, 2021
X	Multiple WHM Users for all accounts with perms?	Security	1	Jan 10, 2018
	Detect inactive accounts in WHM or any Plugin	Security	3	Dec 2, 2017
P	WHM Multiple Account Transfer, wrong password.	Security	1	Dec 4, 2012

Search

Search

My WHM account access was stolen

rinrikun2021

Registered

arlindmurati

Member

cPRex

Jurassic Moderator

arlindmurati

Member

rinrikun2021

Registered

cPRex

Jurassic Moderator

rinrikun2021

Registered

cPRex

Jurassic Moderator

rinrikun2021

Registered