I have installed WHMCS on my domain, but I haven't advertised it at all.
To my surprise, I received an order today:
Order Information
Order ID: 1
Order Number: 6191807400
Date/Time: 07/01/2016 22:20
Invoice Number: 1
Payment Method: PayPal
Customer Information
Customer ID: 1
Name: XHEADER XVALUE
Email: headervl@gmail.com
Company: XHEADER-XVALUE
Address 1: dm
Address 2: dm
City: dm
State: Arizona
Postcode: 404404
Country: US
Phone Number: 086969696969
Order Items
Domain Registration: Register
Domain: whmcs0day.com
First Payment Amount: $19.95 AUD
Recurring Amount: $19.95 AUD
Registration Period: 1 Year/s
Total Due Today: $19.95 AUD
ISP Information
IP: xxx.xxx.xxx.xxx (I hid this for the forum post)
Host: xxx.websitewelcome.com
I didn't receive a payment in PayPal.
If I log in to my WHMCS dashboard, I have 1 pending order:
The "Client" field says:
XHEADER XVALUE
AES_ENCRYPT(1,1), address1= (SELECT MIN(username) FROM tbladmins), AES_ENCRYPT(1,1), address2= (SELECT MIN(password) FROM tbladmins)
AES_ENCRYPT(1,1), city= (SELECT MAX(username) FROM tbladmins), AES_ENCRYPT(1,1), state= (SELECT MAX(password) FROM tbladmins), 40404
United States
So, it appears this is a hacking attempt. They may have been testing for a WHMCS 0 day vulnerability (after googling "whmcs0day.com").
Perhaps they found my WHMCS URL on a technical support thread somewhere...
Anyhow, how do I determine if the hack attempt worked? I can't see any way to view logs in the WHMCS navigation.
I have changed my WHMCS dashboard password.
I have banned the IP above in WHMCS dashboard.
Do I need to do anything else?
I am using WHMCS v6.2.0
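
One way to check stored client records for the payload shown in this post, as an added example that is not part of the original post or of WHMCS. It assumes the client and admin rows have been exported from the database as dictionaries; column names other than `username` and `password` in `tbladmins` are assumptions, and the sample rows are constructed.

```python
import re

# SQL fragments taken from the payload shown in the post; none of them
# belongs in a name or address field.
SQLI_MARKERS = re.compile(
    r"AES_ENCRYPT\s*\(|\(\s*SELECT\b|\bFROM\s+tbladmins\b", re.IGNORECASE
)

def triage_client(client, admins):
    """Classify one client row; returns (verdict, hits).

    leaked  - a field equals an admin username or password hash, meaning
              the injected assignment was executed by the database.
    attempt - payload text sits in a field as plain text.
    clean   - neither of the above.
    """
    secrets = {a[k] for a in admins for k in ("username", "password") if a.get(k)}
    verdict, hits = "clean", []
    for field, value in client.items():
        if not isinstance(value, str):
            continue
        if value.strip() in secrets:
            hits.append((field, "matches tbladmins value"))
            verdict = "leaked"
        elif SQLI_MARKERS.search(value):
            hits.append((field, "SQL fragment"))
            if verdict == "clean":
                verdict = "attempt"
    return verdict, hits

def triage_all(clients, admins):
    """Map client id -> verdict for every exported row."""
    return {c["id"]: triage_client(c, admins)[0] for c in clients}

# Constructed sample rows (placeholders, not real data).
ADMINS = [{"username": "admin", "password": "PLACEHOLDER_HASH_0001"}]
CLIENTS = [
    {"id": 1, "firstname": "XHEADER", "city": "dm",
     "address1": "AES_ENCRYPT(1,1), address1= (SELECT MIN(username) FROM tbladmins)"},
    {"id": 2, "firstname": "Jane", "address1": "admin",
     "address2": "PLACEHOLDER_HASH_0001", "city": "Phoenix", "state": "Arizona"},
    {"id": 3, "firstname": "Sam", "address1": "12 Example St",
     "city": "Phoenix", "state": "Arizona"},
]

if __name__ == "__main__":
    for c in CLIENTS:
        print(c["id"], *triage_client(c, ADMINS))
```

A `leaked` verdict means admin credentials were written into a record the submitter could read back, so every admin password should be treated as exposed; `attempt` only shows the text was stored and does not by itself rule out other activity.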