WHMCS Hacked?


New Member
Ok, I just downloaded whmcs from your server and installed it using the key sent in the email from knownhost. Immediately the last step of the installation script has you log into the admin area. Well...when I did that, it redirected me to an affiliate link for 1and1hosting. Now please keep in mind, this was IMMEDIATELY AFTER DOWNLOADING AND INSTALLING THE FILES from Knownhost.

I sent in a ticket and the person did a virus scan and told me that it shows that there are no viruses and referred me to the log and then proceded to tell me to let them know if I need anymore help... HELLOOOO!!! I just installed a script from your server and it is somehow compromised, of course I need some help here!

Can someone get me some help. I didn't want to bring this up in the forum without trying to get it resolved through the ticket system first. But I think there is a good chance, the files on your side (whmcs) are compromised.
As per your support ticket this appears to be related to the specific computers / specific network and cannot be duplicated on any other system.
Want to say I had this same issue, and what I did in this sequence is what caused my problem. I went uninstalled WHMCS and reinstalled it leaving the cron job they recommend adding to your server after you finish installing WHMCS. After removed it this redirect to 1and1 went away. just wanted to post this because I did not find the solution anywhere and this was the first result.
WHMCS referres you to 1&1 because...

I have just completed the install and ran into the same issue (being redirected to 1&1). I have managed to findout that this will occur when you try to log into the admin panel and fail to log in 3 times, or what ever you have your settings set to. The normal timeout is 15mins. so try again in 15 mins but this time, click the "for got password" link instead.

It will redirect you every time until you wait for the time out. Hope this helps.
To resolve this just change "WHMCS System URL" field at WHMCS -> Setup -> General Settings to your own domain.