
Fake Admin Login Page


Daniel


Firstly - This was built quickly so the code isn't pretty and there are probably faster ways of doing this, but it works :)

 

For those that have changed their admin directory in WHMCS (should be all of you) this is a fake login page for you to upload to /admin/

 

If someone tries to login to this fake area, their details, including IP address and the attempted username and details, are forwarded to your email address.

 

To use, simply upload the contents of the zip below to the [fake] /admin/ folder of your WHMCS install and edit the details at the top of "dologin.php"

 

 

Disclaimer - I accept no responsibility for you breaking your install or loss of data by using this script!

 

 

Download - Here

 

Dan


in dologin.php

 

find

 

<p style=\"font:11pt arial\" align=center>We have been notified of your hacking attempt!<i>Thank you</i></p><br>
	</body></html>"); exit(0);

 

Replace with..

 

<p style=\"font:11pt arial\" align=center>We have been notified of your hacking attempt!<i>Thank you</i><br>
	Your IP Address has been logged as $ip </p>
	</body></html>"); exit(0);


I'd suggest instead of "We have been notified of your hacking attempt!" you give them a "Sorry, service unavailable. Try again later." sort of message. Why clue them up that they've been caught and cause them to look deeper at your site?

 

If it could output their IP to a text file, we could use a htaccess to just ban them so they can't go looking anymore anyway.

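Pulling the first post and the suggestion above together, here is an added example of what a decoy dologin.php can do: log the attempt, e-mail the admin, append the source address to an .htaccess deny list, and answer with a bland error rather than announcing the catch. This is example code, not Dan's script or anything shipped with WHMCS; the e-mail address, file paths and the "username" field name are assumptions, and the .htaccess ban assumes Apache honours per-directory overrides (with mod_access_compat on Apache 2.4).

```php
<?php
// Added example, not Dan's script or WHMCS code: a minimal dologin.php for the fake /admin/
// directory. Placeholders below (address, paths, field name) must be adjusted per install.
declare(strict_types=1);

$notifyEmail = 'admin@example.com';           // placeholder
$logFile     = __DIR__ . '/attempts.log';     // placeholder: better kept outside the web root
$denyFile    = __DIR__ . '/.htaccess';        // placeholder: point at the site root to ban site-wide

// REMOTE_ADDR is the TCP peer and cannot be forged by the client. Behind a reverse proxy or
// CDN it is the proxy's address: leave the ban below disabled there or you ban every visitor.
$ip   = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
$user = substr((string) ($_POST['username'] ?? ''), 0, 64);
$ua   = substr((string) ($_SERVER['HTTP_USER_AGENT'] ?? ''), 0, 200);
$when = date('Y-m-d H:i:s');

// Keep each log entry on one line so tabs/newlines in the input cannot forge extra records.
function one_line(string $s): string
{
    return str_replace(["\t", "\r", "\n"], ' ', $s);
}

// One tab-separated line per attempt. The submitted password is deliberately not stored:
// it is often a real password reused elsewhere, and a decoy log is a tempting file to read.
$line = sprintf("%s\t%s\t%s\t%s\n", $when, $ip, one_line($user), one_line($ua));
file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);

// Notify by e-mail, as the thread's script does.
$body = "Fake admin login attempt\nTime: $when\nIP: $ip\nUsername: $user\nUser-Agent: $ua\n";
@mail($notifyEmail, "Fake admin login attempt from $ip", $body);

// Ban the source address via .htaccess (the suggestion made in the thread).
// Only a valid IP is written, each address once, and the Order/Allow header is added if missing.
if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
    $rules = (string) @file_get_contents($denyFile);
    $rule  = "Deny from $ip\n";
    if (strpos($rules, $rule) === false) {
        if (strpos($rules, 'Order Allow,Deny') === false) {
            $rules = "Order Allow,Deny\nAllow from all\n" . $rules;
        }
        file_put_contents($denyFile, $rules . $rule, LOCK_EX);
    }
}

// Generic failure page: nothing tells the visitor that the login area is a decoy.
header('Content-Type: text/html; charset=utf-8');
echo '<!DOCTYPE html><html><head><title>WHMCompleteSolution - Admin Area</title></head><body>',
     '<p style="font:11pt arial" align="center">Sorry, service unavailable. Try again later.</p>',
     '</body></html>';
exit(0);
```

Test the ban logic with a throwaway address first; an admin who types the fake path by mistake locks out their own IP until the line is removed from the .htaccess file.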

Looks great. I had to make one small change in login.php:

 

Changed:

print date("g.ia");

 

to:

print date("g:ia");

 

This made the date format on the fake admin page match that of the real thing. (It could just be the way I'm displaying dates returned by PHP.)


This is really an awesome tip.

 

For the record this is how you change your admin folder name. I copied this from the security thread.

 

Change your WHMCS Admin Folder name

Malicious users who visit your site and recognise a WHMCS install will know that they can try logging into your admin area via the admin folder. To protect against this, you can rename the admin folder name to any name you like. You cannot move the folder - only rename it. You can then tell WHMCS what the name of that folder is for the links in admin notification emails by adding the following line to your configuration.php file:

 

$customadminpath = "myadminname";


no worries.

 

Dan, I don't mean to take over your thread. You did the majority of the work on this so the credit goes to you.

 

Attached is a modified version of Dan's code. The quick and dirty modifications are:

 

  • Changed the time to HH:MM (see previous post in this thread)
  • Created a templates folder with style.css from admin/templates
  • Modified the "display mail sent message" section in dologin.php so the output mimics the login page with an error message (and yes, the time updates on the error page too.)

You can change the error message by searching for Database Connection Error in dologin.php and replacing it with your own error.

 

Examples:

Database Connection Error.

The database YOURFAKEDB cannot be found.

 

Web Service Error

Admin Web Service is not available.

 

Or you can use the default invalid login error message in WHMCS:

 

Login Failed. Please Try Again.

Your IP has been logged and Admins notified of this failed attempt.

 

Ideally (IMHO) you want the fake admin website to mimic the real one. The devil is in the details and if someone is google hacking for WHMCS admin websites (inurl:admin intitle:WHMCompleteSolution), you want the html output of the fake admin page to be the same as the output from the real one.

 

Dan has my code so I'll let him handle the "official" release. Thanks!

 

This seems like an awful lot of work but I'd rather have someone or something pointlessly spend their time and get nowhere in the end.

admin_modified.zip


Yes, it can be changed under Config | General Settings | Localisation; however, I don't believe that change affects the date and time at the top of the admin pages.

 

Edit: Changing that setting does not affect the format of the date and time on the admin pages of my WHMCS website; however, I can't vouch for anyone else's installation.
