Concern for backdoor access

Hi,

We have recently started using SuiteCRM on our web hosting.

At the time of first using SuiteCRM, we got in touch with a developer (from India) who was given full admin access + cpanel access to the web hosting where SuiteCRM is held.

The developer made bespoke customisations to SuiteCRM as we required.

Following this, we installed a plugin which had a problem so we gave access to our SuiteCRM to the plugin developer to check out the issue.

Since all of this we have changed web hosts/cpanel login password and changed login passwords for admin users of SuiteCRM.

My concern is that something could have been installed on our SuiteCRM by one of the above developers at the time they had access, which allows them to access our content remotely.

Some kind of backdoor access that sends our data or allows them still to connect.

Is there any chance this could be the case? If so, how can I stop this?

Thanks, I appreciate any advice anyone can give for improving the security of SuiteCRM.

Hi. You would need to audit the changes made, I guess.

Basically

  • check users/passwords in SuiteCRM

  • check users/passwords in database

  • check users/passwords in Linux server (all possible entries - SSH, FTP, Samba, CPanel, whatever services you’re running)

  • audit file changes. There are nice tools that let you compare what you have to what is the default (secure) SuiteCRM install. These will bring up any changes these developers made. You need to look through them one by one and check them for security.
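One way to do the file audit from the last bullet above, as an added example that is not part of the original reply: hash every file in a clean reference copy of the same SuiteCRM version and in the deployed copy, then list added, missing and modified paths for manual review. The file names and contents in `constructed_demo` are constructed sample data, not real SuiteCRM files.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def audit(reference_root, deployed_root):
    """Compare a clean reference install with the deployed tree."""
    ref, live = hash_tree(reference_root), hash_tree(deployed_root)
    return {
        "added": sorted(live.keys() - ref.keys()),      # only on the server
        "missing": sorted(ref.keys() - live.keys()),    # removed from the server
        "modified": sorted(p for p in ref.keys() & live.keys() if ref[p] != live[p]),
    }

def constructed_demo():
    """Build two small constructed trees in a temp dir and audit them."""
    files = {  # constructed stand-ins for a stock install
        "index.php": "<?php // entry point\n",
        "install.php": "<?php // installer\n",
        "modules/Accounts/Account.php": "<?php // stock code\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        ref, live = Path(tmp, "reference"), Path(tmp, "deployed")
        for root in (ref, live):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        # Simulate what a developer with access might have left behind.
        (live / "modules/Accounts/Account.php").write_text("<?php // edited\n")
        (live / "install.php").unlink()
        (live / "custom").mkdir()
        (live / "custom/extra.php").write_text("<?php // not in stock install\n")
        return audit(ref, live)

if __name__ == "__main__":
    for kind, paths in constructed_demo().items():
        for p in paths:
            print(f"{kind:9}{p}")
```

Nothing is excluded from the comparison on purpose: cache and upload directories will produce many "added" entries, and those are worth reading through rather than skipping.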

Simply start tracking IP addresses and block IPs based upon city, location or country.

You may also like to change the URL in case you really feel insecure.

The other steps mentioned by @pgr are also very useful.