
Hack attempts


ScrltOTara


No; this is the exploit that was fixed with the release of 5.2.8 and 5.1.10 and is just people running that old exploit script against your installation. The current hole is arguably considerably worse. Taking the details of the exploit at face value, your current best bet is to disable all third party access to your billing system by using an IP restricting or credential requiring .htaccess in the whmcs directory until it's patched.

 

NB; putting the install into maintenance mode is likely not a sufficient mitigation. Block access to it entirely unless you have the expertise to safely mitigate it with an application layer firewall.

Edited by PhilB
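An `.htaccess` of the kind the post above describes, as an added example that is not part of the original thread. It assumes Apache with `AllowOverride` permitting `AuthConfig` and `Limit`; the IP addresses are documentation-range placeholders and the password file path is a placeholder for a file kept outside the web root.

```apache
# .htaccess in the WHMCS directory: allow only listed IPs OR valid credentials.
# Comments must sit on their own lines; Apache does not accept trailing comments.

# Credentials file, created beforehand with: htpasswd -c <file> <user>
# Placeholder path; keep it outside the document root.
AuthType Basic
AuthName "Restricted"
AuthUserFile /etc/apache2/whmcs.htpasswd

# Apache 2.4 syntax (mod_authz_core is only present in 2.4 and later)
<IfModule mod_authz_core.c>
    <RequireAny>
        # Placeholder addresses: replace with your own office/VPN ranges
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
        # Anyone else must authenticate
        Require valid-user
    </RequireAny>
</IfModule>

# Apache 2.2 syntax, used only when mod_authz_core is absent
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
    Require valid-user
    # "Any" = pass on IP match OR valid login; "All" would demand both
    Satisfy Any
</IfModule>
```

To require both a listed IP and a login, use `<RequireAll>` in place of `<RequireAny>` on 2.4, or `Satisfy All` on 2.2.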

Do this, it stuffs them after they have taken the time to sign up, go through using the two factor authentication, etc. etc. Make sure you have been to General Settings / Other and tick the boxes that prevent clients from changing their own details.

Locked Client Profile Fields
Select any fields below that you want to prevent clients being able to edit from the client area:

First Name | Last Name | Company Name | Email Address
Address 1 | Address 2 | City | State/Region
Postcode | Country | Phone Number

I guess you can let them change their phone number... :) That oughta give them the irrates!
