The WHMCS system is protected against SQL injection attacks - and that's great.
Each time such an attack fails we get an automatic email titled "WHMCS Admin Failed Login Attempt" with the attack information (the relevant attack string in the Username field and the IP this attack originates from).
Sometimes such an attack is repeated several times from the same IP, or when it fails the hacker / attacker may try something else and continue his hacking attempts.
In WHMCS there is a security feature that bans the IP of a Failed Admin Login for some time (usually a few minutes - but this can be configured in the system settings) after the third unsuccessful attempt.
I think that when it is clear that this is not a normal Failed Admin Login but rather a clear SQL injection attack (i.e. there is a relevant attack string in the Username field), the WHMCS system should automatically add the attacker's IP address to the Banned IPs list with no expiry date and with a Ban Reason of "hacker" or something like that.
This automatic security mechanism will help WHMCS to be more secure by immediately blocking a clear attacker's IP without giving the attacker the option of a 2nd or 3rd attack.
What do you think?
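Added example, not part of the original post and not WHMCS code: a standalone sketch of the decision the post proposes, where a failed admin login whose Username field matches an injection signature gets a no-expiry ban on the first attempt while ordinary failures keep the three-attempt temporary ban. The signature list, function names and sample records are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Heuristic signatures for SQL injection probes in a login username field.
# Assumed for illustration; tune against real failed-login mail before banning.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\b.+?=", re.I),      # quote, then boolean tautology
    re.compile(r"\bunion\b.+\bselect\b", re.I),   # UNION-based query
    re.compile(r"'.*?(--|#|/\*)"),                # quote, then SQL comment marker
    re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I),  # stacked query
    re.compile(r"\b(sleep|benchmark)\s*\(", re.I),  # time-based probe
]

def looks_like_sqli(username):
    """True if the submitted username matches any injection signature."""
    return any(p.search(username) for p in SQLI_PATTERNS)

def decide_bans(failed_logins, threshold=3):
    """Map each IP to (ban_type, reason) from (ip, username) failed-login pairs."""
    counts = defaultdict(int)
    bans = {}
    for ip, username in failed_logins:
        if bans.get(ip, ("", ""))[0] == "permanent":
            continue  # already banned with no expiry
        if looks_like_sqli(username):
            # Clear attack string: ban on the first attempt, no expiry.
            bans[ip] = ("permanent", "SQL injection string in Username field")
            continue
        counts[ip] += 1
        if counts[ip] >= threshold:
            # Ordinary mistyped logins keep the existing temporary ban.
            bans[ip] = ("temporary", "repeated failed admin logins")
    return bans

# Constructed sample data (documentation IP ranges), not real log entries.
SAMPLE_FAILED_LOGINS = [
    ("203.0.113.7", "admin' OR '1'='1"),
    ("198.51.100.20", "o'brien"),       # legitimate apostrophe, must not trigger
    ("198.51.100.20", "obrien"),
    ("198.51.100.20", "o'brian"),
    ("192.0.2.55", "x' UNION SELECT 1,2--"),
    ("192.0.2.9", "admin"),
]

if __name__ == "__main__":
    for ip, (ban_type, reason) in decide_bans(SAMPLE_FAILED_LOGINS).items():
        print(f"{ip}: {ban_type} ban ({reason})")
```

The signatures require a quote combined with SQL syntax rather than a quote alone, so a mistyped name such as o'brien still falls under the ordinary temporary ban.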