A few dodge tickets being created


zomex

Hello all,

 

Over the last couple of days I've had about 5 people open tickets containing encoded PHP (praying that it'll work no doubt). It's a failed attempt at gaining access and I will enable Google reCAPTCHA to see if that helps.

 

I suppose the smartest thing to do would be to disable the register form, but it's not ideal as I require affiliates to have the ability to sign up.

 

I just wanted to know if anyone else experienced this?

 

Jack


Excuse my ignorance, but what Google captcha are you referring to? I only know the WHMCS one on multiple domain whois searches.

 

I haven't had time to enable it yet but in WHMCS 5.0 you can enable Google reCAPTCHA in replacement of the standard captcha.


Same here, but ReCaptcha is enabled, what else can we do to combat this from happening?

 

Disallow the subject that includes the start of it (setup-> spam control->subject), for one. If it's that same "eval" subject I imagine this might be, that should help.


Disallow the subject that includes the start of it (setup-> spam control->subject), for one. If it's that same "eval" subject I imagine this might be, that should help.

thanks for that, I added {php} since the subjects tend to be

{php}eval(blahblahcode)){/php}

 

I applied the patch once it was announced so they shouldn't get in, it's just getting really annoying since when it shows up in the activity log, my staff keep reporting that their anti-viruses keep disallowing them access because of this said code so I have to clear the logs in the DB every time :(


I tried the support ticket spam control but it didn't seem to work for me.

 

As I just got another 4 tickets I decided to make support tickets require account login and turned off the ability to register without ordering anything (at least until these people give up). To do this go to:

 

setup > general settings > other > untick - Tick this box to allow registration without ordering any products/services

 

I imagine this will stop 99% of these. It would take some very desperate people to process an order and then attempt this just for me to ban them after.


I have tried several things, none seem to work

 

Customer required to login

So this person creates a new client

 

They submit a support ticket

So I set spam control, this has had NO effect

I suspect that is due to the subject being ONE complete word, with what appears as random characters

Some form of *base64* needs to apply

 

As above, what next?

What about limiting the number of characters in the subject line and text body?

Edited by m8internet

I've also noticed the emails are sequential and also not applied by the spam filter

I applied

@ss.com

but

anything @ ss.com (in correct format)

was not recognised as spam!

 

Nice to know the spam filter isn't working. I swear that WHMCS V5 has caused more problems than resolved them :evil:

 

Sadly not

As above, the attacker simply creates a new client, then submits the support ticket

 

Highly annoying, I've not got any recently with php in it but I did notice that I got one with the subject containing a load of domains instead early this morning, is this the next chapter in the hacker tales :?


Next question

Does using captcha have any effect?

 

I suspect this person is entering details manually (in person) due to the variation

Equally, it may be a team as the address was the router they used!

Not everyone has whmcs installed in the obvious whmcs directory

 

Apparently not, I'm using ReCaptcha and that's supposed to stop a lot of automated submissions, etc.


  • WHMCS CEO

Why are you trying to stop them being submitted? I can tell you now you won't be able to. Your ticket system allows anybody who wants to submit a ticket so there's no point even trying. But the point is you don't need to waste your time trying - you've applied the patch so you are safe.

 

And regarding the spam protection, it works fine - but it only applies to tickets received via email. Tickets submitted via the online form don't have the spam filters applied.

 

Matt


Your ticket system allows anybody who wants to submit a ticket so there's no point even trying

As above, I have restricted Submit Tickets to customers only (and it has always been like that, non-clients use the sales form)

 

The issue is we are trying to prevent this process, which appears to be automated

I agree there isn't much you can do

Someone simply signs up as a customer then submits a new support ticket, in the hope the code will process

Perhaps the solution is to put a time limit between new customer account creation and submit support ticket

Here are time intervals used :

17:48:19

to

17:48:58

and

03:05:13

to

03:06:14

I certainly wouldn't expect a new customer to submit a new ticket within the first 90 seconds after signing up

 

However, as I noted and posted about in other thread, the update from v4.3 to v4.5 moved the / created a new templates_c folder into the public_html folder and there was no instruction afterwards to either delete, move it, or take any other action

Just by luck I found it after the upgrade and took the appropriate action

 

At the moment I am amending the tickets, removing the long code in the database, renaming the client to ZZZ, then setting the client to closed

Edited by m8internet
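
The signals discussed in the thread so far (a ticket opened within 90 seconds of signup, a `{php}` tag in the subject, a subject that is one long encoded word) can be combined into a triage check. This is an added example, not part of any post and not WHMCS code; the row layout, function names, 40-character length cutoff, dates and the subjects of tickets 102 to 104 are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Threshold from the thread: a ticket within 90 seconds of signup is unexpected.
MIN_ACCOUNT_AGE = timedelta(seconds=90)
# Smarty-style {php} or {/php} tag anywhere in the subject.
SMARTY_PHP_TAG = re.compile(r"\{\s*/?\s*php\s*\}", re.IGNORECASE)
# One unbroken word of base64-alphabet characters (length cutoff is an assumption).
BASE64_WORD = re.compile(r"^[A-Za-z0-9+/=]{40,}$")


def ticket_flags(signup, opened, subject):
    """Return the reasons a ticket resembles the probes described in the thread."""
    reasons = []
    if opened - signup < MIN_ACCOUNT_AGE:
        reasons.append("new-account")
    if SMARTY_PHP_TAG.search(subject):
        reasons.append("php-tag")
    if BASE64_WORD.match(subject.strip()):
        reasons.append("encoded-subject")
    return reasons


def triage(rows):
    """Map ticket id -> reasons, for every ticket with at least one reason."""
    fmt = "%Y-%m-%d %H:%M:%S"
    flagged = {}
    for tid, signup, opened, subject in rows:
        reasons = ticket_flags(datetime.strptime(signup, fmt),
                               datetime.strptime(opened, fmt), subject)
        if reasons:
            flagged[tid] = reasons
    return flagged


# Constructed rows: (ticket id, account created, ticket opened, subject).
# Times of day for 101 and 102 are the intervals quoted above; dates are placeholders.
SAMPLE = [
    (101, "2000-01-01 17:48:19", "2000-01-01 17:48:58", "{php}eval(blahblahcode)){/php}"),
    (102, "2000-01-02 03:05:13", "2000-01-02 03:06:14", "QUJD" * 12),
    (103, "2000-01-01 09:00:00", "2000-01-02 10:15:00", "Question about my invoice"),
    (104, "2000-01-02 11:00:00", "2000-01-02 11:00:40", "Where is my welcome email?"),
]

if __name__ == "__main__":
    for tid, reasons in triage(SAMPLE).items():
        print(tid, ", ".join(reasons))
```

Ticket 104 is flagged on account age alone despite an ordinary subject, so that signal is better suited to holding a ticket for review than to rejecting it outright.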

However, as I noted and posted about in other thread, the update from v4.3 to v4.5 moved the / created a new templates_c folder into the public_html folder and there was no instruction afterwards to either delete, move it, or take any other action

Just by luck I found it after the upgrade and took the appropriate action

The upload contains those folders, so if you don't remove them before you upload then they are *also* in the default location. If you'd previously moved them and edited the conf file, then they aren't doing or affecting anything on your installation as they aren't being used.
