Jump to content

Malware in WHMCS php's


Recommended Posts



We are experiencing problems with Google malware reports on our site. All of the reported problems stem from php files installed for WHMCS by WHMCS personnel.









Google report:

What is the current listing status?

Site is listed as suspicious - visiting this website may harm your computer.

Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 11 pages that we tested on the site over the past 90 days, 11 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2010-09-21, and the last time that suspicious content was found on this site was on 2010-09-21.

Link to comment
Share on other sites

  • 9 years later...

Hi i have  received  a  malware  alert from my hosting  provider , upon checking i found  this 

A security risk has been detected on your IONOS server.

We have been informed that your server contains or redirects to harmful or malicious content, such as malware or phishing sites.

Host / IP of your server: 

Note: for your own security, please do not open the following sites with your browser:

son=food [*********

The following measures will be necessary in order to restore security to your IONOS contract:

1. Remove the affected files and services

Please analyze which service, software and files have been saved or modified by third parties on your server. Please remove the malicious content or configuration within 48 hours.

2. Protect yourself from future attacks

Keep the operating system of your server and the software up-to-date.
Change all passwords saved on your server (e.g. for mail servers, external services, database). It is highly likely that attackers stole them.

3. Inform us about the measures you have taken



We have checked the site and found that your site folder portal contains lots of encrypted code, which I guess is built by your developer, These encrypted codes are pointed as malware files by your hosting provider, can you please review these encrypted codes with your developer.
Also, we have removed all the hack content mention by Google search engine and requested Google to review the site again.

This is a example off  the code i have over 300 incidents    a like 

http://***********.com/portal/?language=azerbaijani page malware malware Urgent   Google 
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated