Results 1 to 10 of 10
  1. #1

    Account suspended

    Hi, one of my accounts has been suspended the Support team told me something about high cpu usage and this info:

    11863 MYACCOUNT 20 0 0 0 0 Z 4.0 0.0 0:00.12 [php] <defunct>
    11868 MYACCOUNT 20 0 0 0 0 Z 4.0 0.0 0:00.12 [php] <defunct>
    11783 MYACCOUNT 20 0 276m 39m 23m D 3.7 0.5 0:00.11 /usr/bin/php /home/MYACCOUNT/public_html/billing/clientarea.php
    11866 MYACCOUNT 20 0 0 0 0 Z 3.7 0.0 0:00.11 [php] <defunct>
    11834 MYACCOUNT 20 0 271m 71m 60m D 3.0 0.9 0:00.09 /usr/bin/php /home/MYACCOUNT/public_html/billing/clientarea.php
    11870 MYACCOUNT 20 0 271m 79m 68m D 3.0 1.0 0:00.09 /usr/bin/php /home/MYACCOUNT/public_html/billing/dologin.php
    11865 MYACCOUNT 20 0 271m 43m 32m D 2.7 0.6 0:00.08 /usr/bin/php /home/MYACCOUNT/public_html/billing/clientarea.php
    11888 MYACCOUNT 20 0 271m 49m 39m D 2.7 0.6 0:00.08 /usr/bin/php /home/MYACCOUNT/public_html/billing/dologin.php
    11909 MYACCOUNT 20 0 282m 20m 8052 D 2.0 0.3 0:00.06 /usr/bin/php /home/MYACCOUNT/public_html/billing/dologin.php
    3770 MYACCOUNT 20 0 23296 2436 2012 S 0.0 0.0 0:00.00 dovecot/imap
    5065 MYACCOUNT 20 0 23292 2436 1996 S 0.0 0.0 0:00.00 dovecot/imap
    11568 MYACCOUNT 20 0 0 0 0 Z 0.0 0.0 0:00.11 [php] <defunct>
    11575 MYACCOUNT 20 0 23296 2436 2012 S 0.0 0.0 0:00.00 dovecot/imap
    11917 MYACCOUNT 20 0 83640 624 356 D 0.0 0.0 0:00.00 /usr/bin/php /home/MYACCOUNT/public_html/billing/clientarea.php
    11918 MYACCOUNT 20 0 83640 624 356 D 0.0 0.0 0:00.00 /usr/bin/php /home/MYACCOUNT/public_html/billing/dologin.php
    11919 MYACCOUNT 20 0 83640 624 356 D 0.0 0.0 0:00.00 /usr/bin/php /home/MYACCOUNT/public_html/billing/clientarea.php
    13382 MYACCOUNT 20 0 23292 2436 1996 S 0.0 0.0 0:00.00 dovecot/imap
    20599 MYACCOUNT 20 0 23292 2440 1996 S 0.0 0.0 0:00.00 dovecot/imap
    20608 MYACCOUNT 20 0 23296 2432 2008 S 0.0 0.0 0:00.00 dovecot/imap
    29697 MYACCOUNT 20 0 23296 2440 2016 S 0.0 0.0 0:00.00 dovecot/imap
    29700 MYACCOUNT 20 0 23292 2448 2000 S 0.0 0.0 0:00.00 dovecot/imap

    Also they are asking me clarification about this and i dont know what all that data means.


    Any idea? (Maybe bruteforce?)
    Want cheap Facebook Likes or RDP(Remote Desktop 1Gbps)? PM
    or search for my threads in the Advertising Forums
    Demo available for both services

  2. #2
    Join Date
    Feb 2005
    Location
    localhost
    Posts
    5,473
    It means you are using beyond the amount of resources that is included with your package, you may need to upgrade your current package.
    Respectfully,
    Mr. Terrence

  3. #3
    Is this on a VPS or shared plan?

    I see you're using WHMCS. It could indeed be some brute force attacks, but not on the admin area (seeing the direct dologin.php processes).
    Visiba | UK and US based cPanel Web Hosting
    Softaculous Script Installer | Daily Backups | SEO Tools | SSD Servers
    99.9% Uptime Guarantee | 30 Days Money Back Guarantee | 24x7 Support

  4. #4
    Quote Originally Posted by Terrence-J View Post
    It means you are using beyond the amount of resources that is included with your package, you may need to upgrade your current package.
    Hi, I dont think thats the case

    Quote Originally Posted by Visiba View Post
    Is this on a VPS or shared plan?

    I see you're using WHMCS. It could indeed be some brute force attacks, but not on the admin area (seeing the direct dologin.php processes).
    Hi, yeah im using WHMCS on a reseller account.
    Want cheap Facebook Likes or RDP(Remote Desktop 1Gbps)? PM
    or search for my threads in the Advertising Forums
    Demo available for both services

  5. #5
    The information provided is not enough to really show that there are issues happening. I would suggest getting more details than this.

  6. #6
    Quote Originally Posted by brandyou View Post
    The information provided is not enough to really show that there are issues happening. I would suggest getting more details than this.
    Yeah, i also thought that in first place, i will ask more info from the support team.
    Want cheap Facebook Likes or RDP(Remote Desktop 1Gbps)? PM
    or search for my threads in the Advertising Forums
    Demo available for both services

  7. #7
    New info:

    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    68.14.213.35 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php?incorrect=true HTTP/1.0" 200 5982 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    68.14.213.35 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php?incorrect=true HTTP/1.0" 200 5982 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    68.14.213.35 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 200 5863 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    68.14.213.35 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 200 5863 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    68.14.213.35 - - [14/Sep/2014:19:56:24 +0100] "POST /dologin.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
    68.14.213.35 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 200 5863 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
    68.14.213.35 - - [14/Sep/2014:19:56:24 +0100] "GET /clientarea.php HTTP/1.0" 200 5863 "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    68.14.213.35 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 200 5863 "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    68.14.213.35 - - [14/Sep/2014:19:56:25 +0100] "POST /dologin.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    68.14.213.35 - - [14/Sep/2014:19:56:25 +0100] "POST /dologin.php HTTP/1.1" 302 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    68.14.213.35 - - [14/Sep/2014:19:56:25 +0100] "GET /clientarea.php?incorrect=true HTTP/1.0" 200 5982 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    68.14.213.35 - - [14/Sep/2014:19:56:25 +0100] "POST /dologin.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    68.14.213.35 - - [14/Sep/2014:19:56:26 +0100] "POST /dologin.php HTTP/1.1" 302 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
    68.14.213.35 - - [14/Sep/2014:19:56:26 +0100] "POST /dologin.php HTTP/1.1" 302 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    68.14.213.35 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php?incorrect=true HTTP/1.0" 200 5982 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    68.14.213.35 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php?incorrect=true HTTP/1.0" 200 5982 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    68.14.213.35 - - [14/Sep/2014:19:56:26 +0100] "GET /clientarea.php HTTP/1.0" 200 5863 "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    220.241.21.33 - - [14/Sep/2014:19:56:27 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
    68.14.213.35 - - [14/Sep/2014:19:56:27 +0100] "GET /clientarea.php?incorrect=true HTTP/1.0" 200 5982 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:27 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:27 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11"
    220.241.21.33 - - [14/Sep/2014:19:56:27 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:27 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3"
    220.241.21.33 - - [14/Sep/2014:19:56:27 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
    220.241.21.33 - - [14/Sep/2014:19:56:27 +0100] "GET /clientarea.php HTTP/1.0" 404 - "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"
    68.14.213.35 - - [14/Sep/2014:19:56:27 +0100] "GET /clientarea.php?incorrect=true HTTP/1.0" 200 5982 "-" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.0 Version/10.00"

    Yeah its a bruteforce attack(im blocking 4 ips in my httacces file, not sure if that is enought for now)
    Want cheap Facebook Likes or RDP(Remote Desktop 1Gbps)? PM
    or search for my threads in the Advertising Forums
    Demo available for both services

  8. #8
    Join Date
    Feb 2005
    Location
    India
    Posts
    1,073
    Okay here is what I would suggest you do

    1) Try to ask them to give you a second chance to get things right / secure.
    2) Update WHMCS to the latest version (you may need to get your subscription up to date) to fix all possible previous security issues.
    3) 220.241.21.33 - IP resolves to http://220.241.21.33/scopia/entry/index.jsp, just for your knowledge. If this is something you are not aware of (don't know him/her/it) you may want to have your host block the IP entirely.
    4) See if that solves your woes and gets you back online.

    WHMCS is a commonly used and offered software and if up to date, should not be the cause of your issues. Having said that, I hope you have not made too many enemies along the way.

  9. #9
    I would also recommend you to secure your admin area (if you have not done yet). Also if you have large number of clients accessing their billing area, I suggest you to move your WHMCS installation to VPS.
    || Web Hosting Blog - Web Hosting security & latest web hosting industry Announcements
    || Web Hosting Discussion - A Web Hosting community

  10. #10
    Hi,

    In addition, you can also use cloudflare for WHMCS domain to hide your IP. They also do provide DDOS protection.
    www.24x7servermanagement.com
    Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !! Skype: techs24x7

Similar Threads

  1. Replies: 8
    Last Post: 08-27-2012, 06:28 AM
  2. Replies: 22
    Last Post: 05-18-2011, 11:49 AM
  3. How do I modify a suspended account page for one account?
    By jonmck1234 in forum Hosting Security and Technology
    Replies: 13
    Last Post: 02-10-2004, 12:48 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •