easyhosting (posted July 17, 2012)

I have had ENOUGH damage done to my business from this hacking exploit already! I don't like seeing the "php_eval" mails just because it reminds me of all my lost business. It doesn't seem too much to ask the WHMCS development team to come up with a block to keep these mails OUT OF my ticket system! How about it? Please come out with instructions on how we can do this ourselves if nothing else.

I have the patch, so they can't get in, but still get them. I log the IP, block this in my WHMCS, and on my servers, then report the IP to the upstream provider, but as they use the ticket system they are not using email, so leave no header information, so upstream providers can't do much about these.

supernix (posted July 31, 2012)

Somehow hackers are still able to use the ticket system to upload illegal files to damage your files. This is because WHMCS is obviously not filtering input to remove PHP uploads.

bear (posted August 1, 2012)

> Somehow hackers are still able to use the ticket system to upload illegal files

File uploads? Please provide more details.

supernix (posted August 1, 2012)

My ticket system received an e-mail about a support ticket and attached was toolbar.php. How they managed to get the system to take a PHP attachment to a ticket I have no clue. I then found various hack files in the templates_c folder. One of the files uploaded somehow by the hacker was an aram.php that was used to edit the index page and deface it. Google has not been any help in uncovering what these files can do or are meant for. I have been keeping things very hush-hush while conducting the investigation into what happened. So not sure exactly whom to tell.

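A triage check for the situation described in the posts above, added here as an example and not code from WHMCS or from any poster: it walks a writable directory and lists files that carry PHP by name or by content. The `attachments` directory name, the `.tpl.php` naming rule for compiled templates in `templates_c`, and all sample files are assumptions or constructed for the demo.

```python
import os
import re
import tempfile

# Assumption: Smarty compiled templates in templates_c end in ".tpl.php".
COMPILED_TEMPLATE = re.compile(r"\.tpl\.php$", re.IGNORECASE)
PHP_EXTENSION = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def looks_like_php(path, name):
    """True if the name has a PHP extension anywhere or the content opens a PHP tag."""
    if PHP_EXTENSION.search(name):
        return True
    try:
        with open(path, "rb") as fh:
            return bool(PHP_OPEN_TAG.search(fh.read(65536)))
    except OSError:
        return True  # unreadable file in a writable dir: report for manual review

def scan(directory, allow_compiled_templates=False):
    """Return sorted relative paths of unexpected PHP files under directory."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            if allow_compiled_templates and COMPILED_TEMPLATE.search(name):
                continue
            if looks_like_php(path, name):
                findings.append(os.path.relpath(path, directory))
    return sorted(findings)

def demo():
    """Scan a constructed tree; only toolbar.php and aram.php are names from the thread."""
    with tempfile.TemporaryDirectory() as base:
        samples = {
            "attachments/123_toolbar.php": b"<?php /* constructed */ ?>",
            "attachments/456_screenshot.png": b"\x89PNG constructed image bytes",
            "attachments/789_logo.gif": b"GIF89a<?php /* constructed */ ?>",
            "templates_c/a1b2c3_header.tpl.php": b"<?php /* compiled template */ ?>",
            "templates_c/aram.php": b"<?php /* constructed */ ?>",
        }
        for rel, data in samples.items():
            full = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return (scan(os.path.join(base, "attachments")),
                scan(os.path.join(base, "templates_c"), allow_compiled_templates=True))

if __name__ == "__main__":
    print(demo())
```

A file dropped into `templates_c` under a `.tpl.php` name passes this check, so treat a clean result there as incomplete; Smarty regenerates compiled templates, so the folder can be emptied after evidence is preserved.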