Results 1 to 16 of 16
  1. #1
    Join Date
    Jun 2007
    Location
    UK and Hong Kong
    Posts
    243

    WHMCS - How to block the {php] attack?

    Hello all,

    I have seen the question raised elsewhere on the forum but I lost the link, but in any case, I could not find the solution.

    I'm sure many of you have been the target of the {php} eval attacks, and although many of you have probably already patched this little exploit, are any of you driven to the point of near insanity from the excessive number of tickets you need to delete?

    We get at least 1 idiot trying it every day, with some days seeing as many as 10.

    Has anyone found a way to just stop these tickets from even opening since it's getting on my nerves. This has been going on since the end of 2011.

    We tried implementing a band on E-Mails with subject/message containing {php} but it didn't work.

    If someone else has another idea, it would be greatly appreciated.

    Just seeing these tickets pop up makes my blood boil!

  2. #2
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Its been covered several times across different threads but here is a method you can try:

    http://www.webhostingtalk.com/showpo...5&postcount=67
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  3. #3
    Join Date
    Jun 2007
    Location
    UK and Hong Kong
    Posts
    243
    Brilliant! Worked instantly without a problem. Thanks cd/home!

    WHMCS should include this in there releases, or at least offer it to those who request a solution.

  4. #4
    It crashed my site

  5. #5
    Join Date
    Jun 2007
    Location
    UK and Hong Kong
    Posts
    243
    What do you mean crashed? Are you sure it was the code you entered? Hard to see how it would crash your site.

  6. #6
    web pages will not load with the php file placed where instructed.

  7. #7
    Join Date
    Jun 2007
    Location
    UK and Hong Kong
    Posts
    243
    Check your code. Make sure you havnt got any errors in there.

  8. #8
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by HHKNet View Post
    Brilliant! Worked instantly without a problem. Thanks cd/home!
    No problem, However I can see this being a never ending problem for us WHMCS users seen this exploit is known wide now every nodding numpty is going to try just on the off chance of being able to see if your patched or not...
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  9. #9
    Join Date
    Jun 2007
    Location
    UK and Hong Kong
    Posts
    243
    I wouldnt say never ending. I just think WHMCS should actually implement somthing directly in their code, 1) to patch/secure the exploit, and 2) to prevent those tickets from annoying the **** out of us!

  10. #10
    Join Date
    Oct 2002
    Location
    /roof/ledge
    Posts
    28,088
    Quote Originally Posted by HHKNet View Post
    1) to patch/secure the exploit
    They did patch for it, as of December 1, 2011.
    Your one stop shop for decentralization

  11. #11
    Join Date
    Jun 2007
    Location
    UK and Hong Kong
    Posts
    243
    Hi Bear,

    Yes I know, but the nuesance continued as hundreds of support tickets get opened trying to exploit the software. Using the solution as suggested by cd/home, this little annoyance is resolved!

    It saves time for the admins of the site, and it prevents would be attackers from trying again and again as they will know it is futile!

  12. #12
    Join Date
    Nov 2009
    Location
    Auckland
    Posts
    461
    Some kiddies are still trying this old exploit. Almost every other day I'm seeing this kind of thing in our tickets.

  13. #13
    Join Date
    Apr 2008
    Location
    UK
    Posts
    239
    You can download and install the delayed atomicorp mod_security rules - they block these tickets amongst many other things.
    SafeSrv.net - Secure Hosting, VPN and Management Services.
    WHMCS FreeRADIUS VPN Module. - Build a fully featured VPN business in no time.

  14. #14
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    10,657
    Quote Originally Posted by spykee View Post
    Some kiddies are still trying this old exploit.
    Skiddies will be trying this exploit for months to come on the hope that someone who hasnt patched will become their victim...
    UK Based Proactive Server Management.
    Zabbix Enterprise 24/7 Monitoring.

  15. #15
    Join Date
    Apr 2010
    Location
    In your heart
    Posts
    631
    Web Hosting in Pakistan -> Fast Hosting,(25 minute initial ticket response time guarantee)
    Hosting in Pakistan -> Keep your site online with Cheap Price

  16. #16
    Join Date
    Feb 2012
    Location
    WHT
    Posts
    124
    did you get this ticket too !!! i have this kind of ticket but i dont open it .

Similar Threads

  1. WHMCS Attack through php eval - Is my WHMCS is hacked?
    By DewlanceHosting in forum Hosting Security and Technology
    Replies: 198
    Last Post: 05-31-2012, 10:34 PM
  2. DDoS attack - block certain countries
    By Markovic in forum Hosting Security and Technology
    Replies: 6
    Last Post: 07-05-2010, 06:14 PM
  3. Anybody know how to block this specific PHP Inject attack using Mod_Security ?
    By smksa in forum Hosting Security and Technology
    Replies: 1
    Last Post: 06-18-2008, 08:17 AM
  4. how to block sync attack ?
    By zodehala in forum Hosting Security and Technology
    Replies: 2
    Last Post: 07-21-2007, 07:31 AM
  5. ICMP attack! how to block?
    By H2 in forum Hosting Security and Technology
    Replies: 8
    Last Post: 03-29-2002, 11:13 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •