New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
WHMCS client namechange to AES_ENCRYPT
I was wondering who else have people signing up for an account at WHMCS and then they change their name to the following:
"First Name AES_ENCRYPT(1,1), firstname= (SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)"
Yes, i do have 5.2.8, and lucky me this didn't happen when i was still using 5.2.7
So yeah, who else have people doing this?
And do you think this will be harmfull?
Comments
Hehe, they keep trying, don't they?
I had one try that for me yesterday, I banned their IP but that won't stop them from coming back
disable client registrations and you will be fine
You guys should get a robust mod_security rule set in place. We have our firewall setup to temporarily ban any IP that attempts to run that exploit (and various others) on our server.
It's that reset hack. It keeps happening all day long.
Go to:
Setup>General Settings>Other>Locked Client Profile Fields
and check "First Name", "Last Name".
Now they can't change those fields after initial sign up.
Also please do an IP trace then file an abuse report with the owner of that IP. The more people that do that the less compromised servers/proxy servers. Won't stop the little shits but makes them work harder.