Malware in WHMCS php's

[sa_sam]

Hi

 

We are experiencing problems with Google malware reports on our site. All of the reported problems stem from php files installed for WHMCS by WHMCS personnel.

 

domainchecker.php

index.php

cart.php

dl.php

downloads.php

submitticket.php

 

Google report:

What is the current listing status?

Site is listed as suspicious - visiting this website may harm your computer.

Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 11 pages that we tested on the site over the past 90 days, 11 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2010-09-21, and the last time that suspicious content was found on this site was on 2010-09-21.

[othellotech]

You've been hacked - the standard files dont exhibit that issue, only yours - ergo you've had something nasty appended onto them

[thernes]

Have to agree with Rob here: If there was something nasty in those files originally, we would all be blocked by Google.

[FlexiHost]

Is it a nulled version perhaps of WHMCS?

[laszlof]

Is it a nulled version perhaps of WHMCS?

 

That was my first suspicion.

[FlexiHost]

Most likely the case, as there would be others mentioning about this if it was a WHMCS wide issue. We know ourselves that there is not issues like that for us at least, so I guess you get what you deserve if it is a nulled one.

 

BTW, what is the installed domain of the WHMCS?

[IPTV-COM]

Hi i have  received  a  malware  alert from my hosting  provider , upon checking i found  this 

A security risk has been detected on your IONOS server.

We have been informed that your server contains or redirects to harmful or malicious content, such as malware or phishing sites.

Host / IP of your server: 

Note: for your own security, please do not open the following sites with your browser:

hxxps://i*****l[.]com/portal/templates_c/main_page/overview_user.php?color=m1bhwku1100ykud&school=europe&rea
son=food [*********

The following measures will be necessary in order to restore security to your IONOS contract:

1. Remove the affected files and services

Please analyze which service, software and files have been saved or modified by third parties on your server. Please remove the malicious content or configuration within 48 hours.

2. Protect yourself from future attacks

Keep the operating system of your server and the software up-to-date.
Change all passwords saved on your server (e.g. for mail servers, external services, database). It is highly likely that attackers stole them.

3. Inform us about the measures you have taken
 

 

 

We have checked the site and found that your site folder portal contains lots of encrypted code, which I guess is built by your developer, These encrypted codes are pointed as malware files by your hosting provider, can you please review these encrypted codes with your developer.

 

Also, we have removed all the hack content mention by Google search engine and requested Google to review the site again.

This is a example off  the code i have over 300 incidents    a like 

http://***********.com/portal/?language=azerbaijani

page

malware

malware

Urgent

Google