Results 1 to 16 of 16
-
02-18-2012, 11:12 AM #1Disabled
- Join Date
- Jun 2007
- Location
- UK and Hong Kong
- Posts
- 243
WHMCS - How to block the {php] attack?
Hello all,
I have seen the question raised elsewhere on the forum but I lost the link, but in any case, I could not find the solution.
I'm sure many of you have been the target of the {php} eval attacks, and although many of you have probably already patched this little exploit, are any of you driven to the point of near insanity from the excessive number of tickets you need to delete?
We get at least 1 idiot trying it every day, with some days seeing as many as 10.
Has anyone found a way to just stop these tickets from even opening since it's getting on my nerves. This has been going on since the end of 2011.
We tried implementing a band on E-Mails with subject/message containing {php} but it didn't work.
If someone else has another idea, it would be greatly appreciated.
Just seeing these tickets pop up makes my blood boil!
-
02-18-2012, 11:16 AM #2Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
Its been covered several times across different threads but here is a method you can try:
http://www.webhostingtalk.com/showpo...5&postcount=67UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
02-18-2012, 11:41 AM #3Disabled
- Join Date
- Jun 2007
- Location
- UK and Hong Kong
- Posts
- 243
Brilliant! Worked instantly without a problem. Thanks cd/home!
WHMCS should include this in there releases, or at least offer it to those who request a solution.
-
02-18-2012, 06:54 PM #4Junior Guru Wannabe
- Join Date
- Feb 2012
- Posts
- 32
It crashed my site
-
02-18-2012, 06:58 PM #5Disabled
- Join Date
- Jun 2007
- Location
- UK and Hong Kong
- Posts
- 243
What do you mean crashed? Are you sure it was the code you entered? Hard to see how it would crash your site.
-
02-18-2012, 07:31 PM #6Junior Guru Wannabe
- Join Date
- Feb 2012
- Posts
- 32
web pages will not load with the php file placed where instructed.
-
02-18-2012, 09:15 PM #7Disabled
- Join Date
- Jun 2007
- Location
- UK and Hong Kong
- Posts
- 243
Check your code. Make sure you havnt got any errors in there.
-
02-18-2012, 10:32 PM #8Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
UK Based Proactive Server Management.
Zabbix Enterprise 24/7 Monitoring.
-
02-19-2012, 07:46 AM #9Disabled
- Join Date
- Jun 2007
- Location
- UK and Hong Kong
- Posts
- 243
I wouldnt say never ending. I just think WHMCS should actually implement somthing directly in their code, 1) to patch/secure the exploit, and 2) to prevent those tickets from annoying the **** out of us!
-
02-19-2012, 08:55 AM #10
-
02-19-2012, 09:13 AM #11Disabled
- Join Date
- Jun 2007
- Location
- UK and Hong Kong
- Posts
- 243
Hi Bear,
Yes I know, but the nuesance continued as hundreds of support tickets get opened trying to exploit the software. Using the solution as suggested by cd/home, this little annoyance is resolved!
It saves time for the admins of the site, and it prevents would be attackers from trying again and again as they will know it is futile!
-
02-19-2012, 09:56 AM #12Web Hosting Evangelist
- Join Date
- Nov 2009
- Location
- Auckland
- Posts
- 461
Some kiddies are still trying this old exploit. Almost every other day I'm seeing this kind of thing in our tickets.
-
02-19-2012, 11:12 AM #13Junior Guru
- Join Date
- Apr 2008
- Location
- UK
- Posts
- 239
You can download and install the delayed atomicorp mod_security rules - they block these tickets amongst many other things.
SafeSrv.net - Secure Hosting, VPN and Management Services.
WHMCS FreeRADIUS VPN Module. - Build a fully featured VPN business in no time.
-
02-19-2012, 11:50 AM #14Hello World
- Join Date
- Nov 2009
- Location
- /etc/my.cnf
- Posts
- 10,657
-
02-19-2012, 01:15 PM #15Web Hosting Master
- Join Date
- Apr 2010
- Location
- In your heart
- Posts
- 631
Check this link http://forum.whmcs.com/showthread.php?t=43462
Web Hosting in Pakistan -> Fast Hosting,(25 minute initial ticket response time guarantee)
Hosting in Pakistan -> Keep your site online with Cheap Price
-
02-19-2012, 02:09 PM #16WHT Addict
- Join Date
- Feb 2012
- Location
- WHT
- Posts
- 124
did you get this ticket too !!! i have this kind of ticket but i dont open it .
Similar Threads
-
WHMCS Attack through php eval - Is my WHMCS is hacked?
By DewlanceHosting in forum Hosting Security and TechnologyReplies: 198Last Post: 05-31-2012, 10:34 PM -
DDoS attack - block certain countries
By Markovic in forum Hosting Security and TechnologyReplies: 6Last Post: 07-05-2010, 06:14 PM -
Anybody know how to block this specific PHP Inject attack using Mod_Security ?
By smksa in forum Hosting Security and TechnologyReplies: 1Last Post: 06-18-2008, 08:17 AM -
how to block sync attack ?
By zodehala in forum Hosting Security and TechnologyReplies: 2Last Post: 07-21-2007, 07:31 AM -
ICMP attack! how to block?
By H2 in forum Hosting Security and TechnologyReplies: 8Last Post: 03-29-2002, 11:13 AM