Personal tools

From HEXONET Wiki

Revision as of 12:42, 29 April 2019 by WikiAdmin (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

How to secure your WHMCS installation

In order to secure your WHMCS installation, we recommend creating a role user only dedicated for WHMCS.
This role user will only be able to execute the WHMCS needed commands.

Let's create this role user:

  • Login to the Hexonet Control Panel
  • Click on your username
  • Click on 'Settings', click on 'Share Access' from the dropdown menu
  • Create a new role user by clicking on "New Role User"
  • Fill in the necessary input fields:
    Role ID: whmcs
    Password: **********
    Default Access: Deny
    Status: Active
  • Copy and paste the following block of commands in the "Access Control" section:
    Please remove any default commands listed in the Control Panel input field. We recommend using only the following commands.
    CheckDomain():ALLOW
    CheckDomains():ALLOW
    CheckAuthentication():ALLOW
    QueryDomainSuggestionList():ALLOW
    AddDomain():ALLOW
    TransferDomain():ALLOW
    StatusDomain():ALLOW
    TradeDomain():ALLOW
    ModifyDomain():ALLOW
    PushDomain():ALLOW
    DeleteDomain():ALLOW
    RenewDomain():ALLOW
    PayDomainRenewal():ALLOW
    StatusDomainTransfer():ALLOW
    StatusContact():ALLOW
    ModifyContact():ALLOW
    DENIC_CreateAuthInfo1():ALLOW
    QueryDNSZoneRRList():ALLOW
    UpdateDNSZone():ALLOW
    AddNameserver():ALLOW
    ModifyNameserver():ALLOW
    DeleteNameserver():ALLOW
    QueryObjectLogList():ALLOW
    StatusObjectLog():ALLOW
    ConvertIDN():ALLOW
    AddDomainApplication():ALLOW
    StatusDomainApplication():ALLOW
    RequestDomainAuthInfo():ALLOW
    StatusUser():ALLOW
    StatusAccount():ALLOW
    SetEnvironment():ALLOW
    ExecuteOrder():ALLOW
    
  • Continue to the "IP Restriction" step and enter the IP of your server (which contains your WHMCS installation)
  • Login to your WHMCS Backend and replace your Hexonet username with your role user.
    (If your Hexonet username is "customer1" and your role user is "whmcs" you have to use the login like this: customer1!whmcs)