Jump to content

question on 5.3.9 security


Recommended Posts

I have only changed the admin address, and added no other security, and I am using 5.3.9 because I have not been notified of a security update after that, so should I theoretically be safe from things like this

Address 1: 'dm' to 'ASS_ENCRYPX(1,1), address1= (SELECT MIN(username) FROM tblxxmins)'

Address 2: 'dm' to 'ASS_ENCRYPX(1,1), address2= (SELECT MIN(password) FROM tblxxmins)'

This change request was submitted from ip-XX-XXX-XXX-X.ip.secureserver.net (97.74.XX.XXX)


I have never noticed any successful hacks.


It became a monthly job to delete fake invoices, I stated just to leave them they stated appearing less, I tried to install the registration security but have not finished that yet.


It's a pity that we have the IP addresses and details of people and robots that do this type of thing to all internet systems, but it's no ones job to stop it.

Link to comment
Share on other sites

  • WHMCS Support Manager


This appears to be an attempt to exploit a known security concern in old - End of Life - versions of WHMCS.

Provided you were running WHMCS v5.2.8 or above at the time these changes were made you are perfectly safe and the client can just be deleted.


You can read more about this in our blog post from the time: http://blog.whmcs.com/?t=79527

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated