Jump to content

unusual and strange malicious activity

Remitur

By Remitur
in Troubleshooting Issues

 Share

Recommended Posts

Remitur Senior Member

Remitur

Posted
Posted

Today I'm experiencing an unusual and strange attack on WHMCS.

I found a number of new support tickets (dozens of them), all of them:

  • opened by a fake email address  netsparker@example.com
  • the object of all tickets is the same: "3"
  • the text includes just different fragments of code injecton attempts:, such as "         1'));SELECT pg_sleep(25)--           "
  • there's no user with such a username
  • there's no evidence of this tickets in Ticket mail Import Log
  • In activity log, for each ticket opened in activity log I can find just  
    31/08/2021 10:50	
Email Sent to Smith ([Ticket ID: 2021083146796] 3)
System	85.214.147.24

Maybe, I got rid of it blacklisting only his IP (but if the bad guy changes his IP, I guess he will be back...

(blocking the email address had no effect)

The question is: how the hell this bad guy opened these tickets?!?!

 

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept