Spam support tickets


cocabean

As above and now well documented, the exploit is processed manually, so cannot be processed as spam

What you end up receiving is the normal email from a new support ticket or sales enquiry

 

I have tested and applied the "text exclude" script and this works perfectly well

If a new support ticket is submitted then a message appears

Although rather basic, it works

 

*REMOVED*

Save as :

evalblock.php

in the folder :

/includes/hooks/

 

I note the script has 'message' but only works on the subject line, and this is good enough (for just now)

You can repeat this same script for other words and phrases, just give each a unique filename

 

Hello, I am no expert so can you please explain what this code does? Does it search for a specific word in the subject of the email?

 

I would like to add a specific sequence of characters to the end of a valid ticket, in the subject field. I would like WHMCS to reject all new tickets that do not contain this code.

 

Thanks, Terry

Edited by WHMCS Andrew
Code Removed
If you do this you will find this also blocks you from doing certain things from within your Admin area, such as creating or amending email templates.

I have not encountered any issues and received the warning message whilst making amendments and/or changes in the Admin Area

If I did, then it shows the script is working, so changes can be performed at the MySQL database instead

I have not encountered any issues and received the warning message whilst making amendments and/or changes in the Admin Area

If I did, then it shows the script is working, so changes can be performed at the MySQL database instead

 

This is what I was told by Matt

 

Hi Terry,

 

This error message you're seeing is coming from a hook file you have created @ /public_html/clients/includes/hooks/evalblock.php designed to protect against the submissions for the issue we patched last year. It's really unnecessary to do that as the patch will protect you from it, and attackers will have started giving up trying it now so I recommend you simply delete that, but if you want to keep it you just need to temporarily remove it from the folder when editing your email templates.

 

Regards,

 

Matt

-------

Forums: http://forums.whmcs.com/

Documentation: http://docs.whmcs.com/

  • 2 weeks later...
Tried the workaround above (includes/hook) and it works great, but I found when I created a new KB article and went to save it, I got the "Error - Invalid Subject Line" warning, so it looks like this hook is running when saving / creating KB articles also?

 

Yes, it messes up other areas. This is what I got from Matt

 

Hi Terry,

 

This error message you're seeing is coming from a hook file you have created @ /public_html/clients/includes/hooks/evalblock.php designed to protect against the submissions for the issue we patched last year. It's really unnecessary to do that as the patch will protect you from it, and attackers will have started giving up trying it now so I recommend you simply delete that, but if you want to keep it you just need to temporarily remove it from the folder when editing your email templates.

 

Regards,

 

Matt

Edited by easyhosting
Yeah, I saw that. I removed the hook but I got another PHP injection attempt last night. I just get the shudders when it happens, you don't know if the f***ers have found another way to get in!

 

I know, I got 3 yesterday from the same IP, even though I blocked the IP in WHMCS. I used to also report these to the email address in a whois search of the IP, but some of these are fake emails, as emails bounce back as unknown address.

If you're using cPanel you can try SpamAssassin. I believe you can set WHMCS to reject the emails SA marks as ***SPAM*** ... you may have to look this up, not sure. Disable auto delete and keep an eye on the spam folder just in case.

This won't help with anything but the emails generated *after* the ticket is submitted. They're being done manually, not via email.
