The reply they gave:


Hi *******,

Provided you have updated to at least version 5.2.8 or 5.1.10 prior to the attempts (5.2.17 or newer are recommended), your installation is protected from attacks of this nature. This does NOT however mean that you won't see attempts to use it. You may still see emails or log entries saying somebody tried to update or submit a value that starts with AES_ENCRYPT. If you see these, do not be alarmed.

If you do not see a client under the mentioned name in WHMCS, it is likely that the attacker created a fake account using the registration form (register.php) and changed the details since. You can disable client registrations without ordering (if desired) by disabling "Allow Client Registration" under Setup > General Settings > Other tab.

Please read the below if you are running an older version:

Based on the log entry you've provided, the attacker has only performed a SELECT statement. This particular statement exposes the administrator password hashes. These password hashes, in themselves, are not sufficient to allow the attacker to authenticate into your admin area. The attacker must find the text which equates to the same hash value as your password.

If the attacker is able to extract the true admin user password value, they would then need to also know the exact location of the admin login page as well as have access to load it. As described in our recommended further security steps, WHMCS provides an extra layer of protection to help mitigate unauthorized access to the administrative area by allowing a custom admin folder path. We also recommend restricting IP access to that folder with an .htaccess file.

If you require further assistance, please don't hesitate to let us know.
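As an added example (not WHMCS code and not part of the quoted reply), a small triage script covering the two checks the reply describes: whether an install is at or past the fixed release for its branch (5.2.8 on 5.2, 5.1.10 on 5.1), and which activity-log entries record a submitted value starting with AES_ENCRYPT. The log line format and the sample entries are constructed for this example; the treatment of branches newer than 5.2 as containing the fix is an assumption.

```python
"""Triage helper for the WHMCS AES_ENCRYPT advisory quoted above.
Added example, not WHMCS code. Log format below is constructed."""
import re

# Fixed releases per branch, as stated in the support reply.
FIXED = {(5, 2): (5, 2, 8), (5, 1): (5, 1, 10)}

def parse_version(text):
    return tuple(int(p) for p in text.strip().split("."))

def is_patched(version):
    """True if this version includes the fix for its branch.
    Assumption: branches newer than 5.2 contain the fix. Older branches
    (5.0 and earlier) have no fixed release listed, so they report False."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED:
        return v >= FIXED[branch]
    return branch > (5, 2)

# A submitted value that begins with AES_ENCRYPT (any case, optional
# leading quote or whitespace), as the reply says such log entries look.
_AES = re.compile(r"""^\s*['"]?\s*AES_ENCRYPT\b""", re.IGNORECASE)

def flag_attempts(log_lines):
    """Return (line_no, field_name) for every 'Field: value' pair whose
    value starts with AES_ENCRYPT. Constructed line format:
    'timestamp - Event | Field: value | Field: value'."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        _, _, message = line.partition(" - ")
        for pair in message.split(" | "):
            field, sep, value = pair.partition(":")
            if sep and _AES.match(value):
                hits.append((n, field.strip()))
    return hits

SAMPLE_LOG = [  # constructed sample entries, not real WHMCS output
    "2013-10-03 14:02:11 - Client Profile Modified | Firstname: John | Lastname: Smith",
    "2013-10-03 14:05:47 - Client Profile Modified | Firstname: AES_ENCRYPT(...) | Lastname: x",
    "2013-10-03 14:06:02 - Client Profile Modified | Address1: 'aes_encrypt(...)' | City: y",
    "2013-10-03 14:09:30 - Client Registered | Email: someone@example.com",
]

if __name__ == "__main__":
    for ver in ("5.1.9", "5.2.8", "5.2.17", "5.3.0"):
        print(ver, "patched" if is_patched(ver) else "VULNERABLE")
    for n, field in flag_attempts(SAMPLE_LOG):
        print(f"line {n}: field '{field}' starts with AES_ENCRYPT")
```

Flagged entries on a patched install are failed attempts, as the reply notes; on an unpatched one they are the indicator to act on.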