
WHMCS' database can be read using a script stored on the filesystem


preschian


My website using WHMCS has been hacked before. I found a strange script; the name is 'WHMCS KILLER V3 CODED BY RAB3OUN'.

Please, security team, fix this annoying thing. This script can steal all your data, and all your clients' data :(

Original extension is .php

--removed--

Edited by WHMCS Chris

Hello,

 

Firstly, I've removed the script from your forum post.

 

Secondly, these "WHMCS Killer" scripts are simply database readers -> just like WHMCS is. They require some level of file system access to the server to be useful. What this means is, in order to utilize one, the server must already be compromised. The script is typically uploaded to the server by means of either:

- A vulnerability or exploit in other third-party software (third-party CMS applications, add-ons or outdated scripts, etc., and leveraging Apache's FollowSymLinks to read configuration.php)

- Insufficient password strength or protection (brute forcing, social engineering, etc.)

 

- An insecure hosting environment. WHMCS, being a billing system, should typically not be stored on the same server where your customers are.

 

The script alone poses no threat. However, by leveraging additional vulnerabilities and being able to upload it to your server, it becomes a database reader. That being said, if the attacker already has access to the file system, the server itself has already been compromised and no data, WHMCS or anything else, is safe.

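A defensive audit for two conditions related to the reply above (a symlink that reaches configuration.php, and a configuration file readable by other local accounts on a shared server), added here as an example that is not part of the original thread and not WHMCS's own code. The function names, finding labels, the permission check and the sample directory layout are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

CONFIG_NAME = "configuration.php"  # WHMCS file named in the reply above


def audit_webroot(root):
    """Return sorted (finding, path) tuples for one web root."""
    root = Path(root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            st = path.lstat()  # lstat: inspect the link itself, not its target
            if stat.S_ISLNK(st.st_mode):
                target = Path(os.path.realpath(path))
                if target.name == CONFIG_NAME:
                    findings.append(("symlink-to-config", str(path)))
                elif root != target and root not in target.parents:
                    findings.append(("symlink-escapes-root", str(path)))
            elif name == CONFIG_NAME and st.st_mode & 0o044:
                # group/other read bit set: other local accounts can read it
                findings.append(("config-readable-by-others", str(path)))
    return sorted(findings)


def build_demo(base):
    """Constructed sample layout: a billing root beside another hosted site."""
    billing, site = Path(base) / "billing", Path(base) / "othersite"
    billing.mkdir()
    site.mkdir()
    cfg = billing / CONFIG_NAME
    cfg.write_text("<?php // placeholder content, no real credentials\n")
    cfg.chmod(0o644)
    (site / "notes.txt").symlink_to(cfg)   # link whose target is the config
    (site / "up").symlink_to(base)          # link that leaves the web root
    return billing, site


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for webroot in build_demo(tmp):
            for finding, path in audit_webroot(webroot):
                print(f"{finding:28} {path}")
```

Run it against each account's document root; any finding on a server that also hosts the billing installation is worth investigating before assuming the database credentials are still private.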
