Just Recieved a Base64 Attack Through WHMCS Support Ticket

[Allegheny]

Hi,

 

I just received a support ticket through my WHMCS installation which was a BASE64 type of attack or attempted attack.

 

It came from this IP address 182.178.20.153 located in Pakistan which I have totally blocked through CSF, but after receiving email message.

 

I have decoded the Base64 and below is the resulting code.

 

I am running the latest version of WHMCS 5.2.5 on Centos 6.4 with WHM 11.38.1 and I had followed the instructions for securing WHMCS when doing the install by moving certain files out of the public directory, changing admin folder, etc.

 

Is this a new attack that might compromise my WHMCS installation or data? or is version 5.2.5 already capable of blocking this attempt (I hope)?

 

Here's the code:

 

- Removed -

Edited July 18, 2013 by Infopro
There is no need to post this code here

[WHMCS Chris]

Without seeing the code, it's hard to state for sure. However there was an issue that was resolved last year ( May 29th ), which deals with that method.

 

The post is here: http://blog.whmcs.com/news.php?t=47828

 

If you'd like confirmation, I'd recommend submitting a ticket to the security queue ( security [at] whmcs.com ).