Attempted Hack to /contact.php - I recieved an email via this form with base64

[slim]

Tonight I recieved a single email from my server - Generated by WHMCS's contact.php file.

 

It included my WHMCS logo and then a bunch of base64 encoded stuff.

 

It appears they put base64 code in the from and subject lines in an attempt to get somthing happening on the server.

 

has anyone else had anything similar?

[sparky]

It is quite old now... there was a security patch released for this back in May

http://forum.whmcs.com/showthread.php?47828-Security-Patch

If your up to date with the latest version then it should already have the patch.

[slim]

Yeah, using the latest version - with this patch already.

 

Still scary that these people are trying.

[jfreak53]

Just use mod_security to block this, it's real simple:

SecRule ARGS {php} "severity:4,log,deny"

SecRule ARGS eval "severity:4,log,deny"

 

This blocks any POST or GET request that has these That's what we do, it has blocked 100% of all attempts