eugenevdm Posted December 20, 2011 Share Posted December 20, 2011 (edited) We notice this ticket sent to our general address: {php}eval(base64_decode <<removed>> It seems the hacker is targetting configuration.php. Not sure if this is specific to WHMCS. Edited December 20, 2011 by bear Removed actual exploit code 0 Quote Link to comment Share on other sites More sharing options...
Damo Posted December 20, 2011 Share Posted December 20, 2011 Have you not looked at this forum or the whmcs news? There was a security patch issued to address this. There's little point posting what you have in a public forum as well. A ticket directly to whmcs would be the best way to have it investigated. By publicly posting this you are giving script kiddies the tools they need to play havoc. 0 Quote Link to comment Share on other sites More sharing options...
eugenevdm Posted December 20, 2011 Author Share Posted December 20, 2011 Thanks for the constructive criticism. I'll go about it differently next time. And no, I don't have time to read all the newsletters that come my way. 0 Quote Link to comment Share on other sites More sharing options...
bear Posted December 20, 2011 Share Posted December 20, 2011 Since security announcements are posted in this forum: http://forum.whmcs.com/forumdisplay.php?f=9 , perhaps you should subscribe to that and make a point of reading those, or at least skimming the posts as they arrive via email (there aren't that many, and warnings are marked clearly as such)? I do this for any software I use on my main site(s), as well as some twitter follows, and take the time to watch for alerts. It helps to stay up to date on some things, and with this patched and widely known since December 1, it may have saved you from this one. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.