Jump to content


Level 2 Member
  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by bear

  1. The ones I mention are also for helping secure WHMCS access, at least the admin area. We restrict via IP, as well as using Yubi as 2FA. If our IP changed frequently, we'd probably go with a VPN that's allowed to access and hit that to log in from.
  2. If there was no other way to lock things down some, yes. As it is you can set up HTTP AUTH, or Yubikey, and/or IP restrictions (even "tunneling" through a VPN that's whitelisted) and more. Them charging fees for *some* methods might not be appreciated, but you're not held hostage to those methods. Can't fault them for it in this case.
  3. We simply use Yubikey, that we bought direct. Not having to pay for access to something like Authy would have been preferred for us, but that will do.
  4. bear

    Shady customer.. what to do

    How well do you know the customer? How were the other transactions done? I'd be really suspicious if it was a random customer and they'd done this with more than one payment method and there were a few smaller transactions done over a short time period. Feels a lot like testing his process to me, as if he was a carder, but not experienced.
  5. 7.6 has been out and stable a really long time. Maybe you mean 7.7? In my case that couldn't have been it, since the dev install had no domains in it. Glad you found your cause, though. :agree:
  6. I was checking something in my dev install (7.6x) and came across that same error. Price for the domain extension I was checking was in place, but until I shut off namespinner and used the generic whois it kept stating that. Unsure how that's related, but that's what happened to mine.
  7. bear

    Finding Nulled WHMCS distributions!

    For them it's used as a selling point, and a direct comparison to WHMCS goes on all the time, with that being mentioned loads. They even created that silly "billing brawl" site to compare it. At least so far, I'm not seeing a huge advance in market share (anecdotal, no evidence but observation) over WHMCS. I don't care for the mass of obfuscated code on WHMCS, but don't think (mostly) viewable code is causing more uptake of the other one, but I do think the price and license changes WHMCS recently undertook absolutely opened a door for them.
  8. bear

    Import GoCardless mandate

    Damn you for being helpful! :lol: Totally agree with the concept, though. Public posts benefit all, PMs benefit just one.
  9. On several occasions we've had a customer try to pay an existing invoice and get flagged because the IP was too far from the address in the system. The most recent one was a bad IP lookup, as it put him several states away from his true location, so it can get things wrong in that regard. There's a setting in the system to skip fraud checking: "Skip Fraud Check for Existing - Tick this box to skip the fraud check for existing clients who already have an active order", but it's still checking if they attempt to pay an existing invoice, even if they have several paid/successful orders in the system. It *seems* like it only skips this if they're placing a new order? Have I missed something here? IMHO, this should skip fraud checking for existing invoices also. Thoughts?
  10. Good call. Seems they'd added something in the config I wasn't aware of, and that was causing this. Defaulted to a 200 mile distance, when Maxmind should be the one checking. Thanks!
  11. No hooks involved, just out of the box WHMCS and Quantum gateway. Long term customer tried paying invoice generated on a service he's had with us a long time (since 2006), and it was declined. Reason: "decline_reason => Risk Score of 100000 - - distance too far". He has a card on file at the gateway, which would have auto processed in a few days anyway, but he was trying to pay it manually, I'm assuming with the same card. Weird one.
  12. bear

    Finding Nulled WHMCS distributions!

    Dangit, broke the first rule! :P
  13. bear

    Finding Nulled WHMCS distributions!

    I hear there's one on Github...oh. 😜 As long as there's encoded software someone will come up with decoding for it. It's important to remember that they're often imperfect versions, or worse, contain back doors and exploits. Really not worth it.
  14. bear

    Can i use the whmcs free version for my whm ?

    What's lower than free (which AFAIK does not exist)?
  15. Ugh. If you're moving some of this, WHMCS, why not move it all? Having configs in more than one place for somewhat related items (security settings/changes) is frustrating and prone to folks missing things. 🙈
  16. @WHMCS John I think you may have missed the point of my thread. If my support is expired, which I might not have been aware of (another issue, not being reminded/notified), nowhere within WHMCS except for a small blurb on the update page (at the bottom) does it tell me about this. Nothing in the header of the dashboard, system status, sidebar or in fact on the update page where it shows the giant "You're up to date", when in fact there's a new version (borne out by the pink/red blurb on that same page. This means I'd need to already know there's a new release, and also know that I had to go to the update page and scroll down past where it falsely told me I'm fine to learn about it. I'd suggest that needs fixing. I'd say a simple notice in the dashboard on even expired licenses that leads to the update page where a noticeable notice appears...and the "you're fine" text maybe saying something about license/support status. Maybe just me.
  17. Lately it seems WHMCS is putting a lot of effort into new ways to make money for themselves. We don't always like the way they've done it, but that's business and understandable for the most part. I see the new version has been released, and on one of my installations it shows a highlighted (pink with red text) nag at the top of the admin dashboard that an update is available. On the other install, no nag. Looking into it, I see the updates have expired for that install. No reminder email, no "hey, an update is available, but you can't have it" nag in the dashboard and so on. Had to go look at the update page in admin to see the cause, and even then it says in large letters at the top (along with that huge puffy version box) : "You are running the latest version". Further down, "below the fold" so to speak, it states I'm expired, only in that box telling me there's a newer version anywhere. Kind of missing the boat there, not making it obvious something that makes you recurring money has expired (in this case a month ago), when a busy admin doesn't alway check they're up to date, no? I update on expiry, it expires again sooner. Just sayin'. 😉
  18. As mentioned, it says there's an update only on the page where you check for updates, and then only at the bottom of that page, after scrolling down. On the dashboard, nothing. On the update page it clearly states "you are on the latest version", at 7.6.1. It's only once you scroll down you see the rest of it: "Expired Support & Updates Preventing Update A new update is available however your Support and Updates have expired." Also, "WHMCS Maintenance Updates Released" email? This is a maintenance release? Oh, and just checked my email logs; no such email arrived here. 😉
  19. Got no emails, and don't use Twitter. Seems to me the place to tell me I've expired is the place I definitely go to daily (often many times per day), with a clear notice that "hey, there's a new version you can't have" or something. If I wasn't participating here or had a second active support installation, I simply wouldn't know about it. I mean, we have giant badges on the dashboard that don't update very frequently and are somewhat pointless in that regard, so why not something useful like a warning/notice that's important? I hear you. The Beta seemed to end really quickly, and few threads about issues. Hard to say if it's "just that good" or low participation was taken as "no problems reported, release it". As always, the next few weeks will tell, as more move to it.
  20. Try using min-height. Max defines the largest it will be allowed to get, not how large it should be. https://developer.mozilla.org/en-US/docs/Web/CSS/max-height
  21. Different datacenter, preferably not geographically near where you host clients, and if at all possible on a VPS to segregate it from potential local hacking efforts by any bad actors you may host at some point. That's just our take on it. 😉
  22. If that's the one that came with WHMCS, I believe that file does nothing in versions past 7.5. It's there as a placeholder only, and has no functions in it.
  23. Your file is name .custom.css, with the leading ".", or is that a typo?
  24. This is a few years old, but there's a request under consideration: https://requests.whmcs.com/topic/support-ticket-custom-field-type-for-encrypted-data
  25. bear

    Using 3rd Party KB

    Here's a thread from a while back, in which Sparky had created/shared a script with me that was working in v5. It would likely need updating to work in the new WHMCS versions. The code wasn't shared there, but I have a copy of it here, I believe. Since it was mostly his work/effort, I can't share it unless he says it's ok, or maybe he'd still have that and be willing himself.

Important Information

By using this site, you agree to our Terms of Use & Guidelines