Jump to content

I getting targeted by 0-day can and need advice.


fish911

Recommended Posts

Hi First let me say if this is posted in the wrong location , please advice me of the correct thread and I will repost the topic..

 

I'm new to whmcs, my problem is I have been getting lot's of bogus accounts being made since last night, as soon as I remove / delete the account and block the IP another one or two is created.. I have my settings set to purchased must be completed before a new membership can be made. How can I prevent new accounts from being made?

 

They are using emails and usernames such as

 

Email Address: whmcs0day@gmail.com

Password: whmcs0day@gmail.com

 

Also user-names such as 404/403

 

I read as much as I could about this and learned it's some kind of man in the middle? Trying dump my account holders CC information?

 

Can someone please tell me the steps or point me in the correct direction to prevent this 0-day attack crap. I really need to prevent this and protect my clients data

 

Thanks for any help in advance

 

Fish911

Link to comment
Share on other sites

There is a now closed thread on this topic located here:

Spam Account Keeps Registering - WHMCS Forums

Another is located here:

Keep getting hacked - WHMCS Forums

 

Both could probably be merged into one at this point, and your thread here will most likely end up merged there as well.

 

If you're in a rush:

Can someone please tell me the steps or point me in the correct direction to prevent this 0-day attack crap. I really need to prevent this and protect my clients data

 

See this post:

Spam Account Keeps Registering - WHMCS Forums

Link to comment
Share on other sites

Hey thanks for the response, infopro and SiteOx I do currently have reCaptcha enabled.

 

I've been reading over the threads suggested above I've yet to finish them but from what I've gathered so far is someone / some script is using an out of date SQL injection, I figured I might see some of this behaviour when I reviewed the query strings =? equals some number or something close. I did add a security question although I'm not sure if that will make any difference. it's seems the guy / script " DMASTERPIECE " has been doing this for quite sometime.

 

 

 

I will continue reading the threads suggested above and see what I can do to over come this issue, I'm completely open to suggestion and really appreciate them.

 

Thanks for the response

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated