Today I tried to access my WHMCS admin but I couldn't. Someone had entered my system, removed my admin and added his own.
I figured out how to protect my admin panel through .htaccess allowing only my IP, and I have undone the changes he made in my system. But it doesn't solve the fact that my system has a vulnerability and someone can exploit it.
This is the hacker activity, can anyone see the exploit logic here?