This is a global correspondence to all of our clients and it is to make you all aware of ongoing brute-force attacks on our UCP's and WHMCS customer portals.
Even with recaptcha and "failed attempts limits" rules enabled as a deterrent this will not prevent someone potentially accessing your slot if you were using same credentials to other websites on internet. There are ready to go databases with email/password combinations stolen from various sites on internet, attackers could use those credentials to try to access your slot too.
As an advisory we do suggest everyone changes their passwords immediately for UCP, WHMCS Customer Portal and Access Detail.
We would suggest you make your password strong, with capitals, numbers, symbols and a good length. Better yet, password managers (Bitwarden, LastPass and 1Password) are fantastic apps for this, as our advice would be to NEVER use the same email/password combination twice and generate wherever possible.
These 'attackers' are gaining access without your knowledge, mining and abusing resources via HTTP.
Your account security is your own responsibility!
Those that have already adopted healthy generated passwords need not worry as much.
Friday, May 17, 2019