WHMCS Lawrence

WHMCS Technical Analyst

  1. WHMCS Lawrence

    Stripe Changes

    3DSecure is only for payments initiated by clients themselves - renewal payments will be handled as they are currently and treated as authorized renewal payments. I'd recommend asking Stripe about how they handle chargeback protection, as that would be part of their own policies and not specific to our module.
  2. WHMCS Lawrence

    Stripe Changes

    This is planned to be in 7.8, along with SCA, which is currently in development and should be available well in advance of Stripe's deadline.
  3. WHMCS Lawrence

    Paypal Subscriptions Changes

    That's correct 🙂 thanks for pointing that out!
  4. WHMCS Lawrence

    Invoice Unpaid Reminder

    If domain reminders are being sent and the domain falls within the invoicing settings (but hasn't been invoiced yet), this suggests that "Disable Auto Renew" is enabled on the domain. Disabling it will allow WHMCS to generate a renewal invoice during the next daily cron tasks run. Alternatively, an invoice can be generated immediately using the "Invoice Selected Items" function on the Client Summary page for the client in the admin area.
  5. WHMCS Lawrence

    How do i hacker hack a whmcs installation?

    Generally the most common source of intrusion can be traced to third party PHP software that has been installed alongside WHMCS, such as Joomla!, WordPress, or many others, that have publicly known exploits or weaknesses at the time. Following any compromise, a complete server or account audit is usually warranted, including searching for any files you do not recognize, in particular any shell scripts or uploaders that many hackers leave in place to allow future compromises. During a security audit, any scripts or third party software should be updated to the latest versions, including any security patches. Once this has been completed, our recommendation would be to delete all files on your WHMCS hosting account except for the WHMCS configuration.php file (including the files in other directories as well) in case the hackers have left any malicious files behind to be able to return later. This will allow you to begin with a "clean slate" by uploading a fresh set of WHMCS files, while using your existing database. Protecting your WHMCS installation is all about your server security. WHMCS can only ever be as secure as the server it is hosted on, so you need to ensure you have permissions on the server set appropriately so other shared users can't read or access your files; you also need to ensure you do not install any third party scripts which frequently have security issues in the same hosting account as WHMCS, and if possible you should consider moving WHMCS to an isolated VPS or dedicated environment for higher security. Please also view http://docs.whmcs.com/Further_Security_Steps for information on keeping your WHMCS installation secure.
  6. WHMCS Lawrence

    How to hide the fact that my client area runs on whmcs

    To add to what @brian! said, you can customise the client area template to give your installation a unique look and feel, however the PHP file names would likely be a hint to anyone who is familiar with WHMCS and may still see attempts to a lesser degree than if your installation was running a default template. The exploit these attackers are trying to use is quite ancient and does not affect any supported version of WHMCS (if I recall correctly, this only affected early 5.x releases and older, and was quickly patched after discovery). Generally the most common source of intrusion can be traced to third party PHP software that has been installed alongside WHMCS, such as Joomla!, WordPress, or many others, that have publicly known exploits or weaknesses at the time. Following any compromise, a complete server or account audit is usually warranted, including searching for any files you do not recognize, in particular any shell scripts or uploaders that many hackers leave in place to allow future compromises. During a security audit, any scripts or third party software should be updated to the latest versions, including any security patches. Once this has been completed, our recommendation would be to delete all files on your WHMCS hosting account except for the WHMCS configuration.php file (including the files in other directories as well) in case the hackers have left any malicious files behind to be able to return later. This will allow you to begin with a "clean slate" by uploading a fresh set of WHMCS files, while using your existing database. Protecting your WHMCS installation is all about your server security. WHMCS can only ever be as secure as the server it is hosted on, so you need to ensure you have permissions on the server set appropriately so other shared users can't read or access your files; you also need to ensure you do not install any third party scripts which frequently have security issues in the same hosting account as WHMCS, and if possible you should consider moving WHMCS to an isolated VPS or dedicated environment for higher security. Please also view http://docs.whmcs.com/Further_Security_Steps for information on keeping your WHMCS installation secure.
  7. Looking over the article and the links in it, it seems these instructions are tailored for usage with their own Google Analytics addon and likely won't work without it. It is likely that they are not monitoring comments on the article itself, and hopefully a direct message to the company will get a helpful response.
  8. WHMCS Lawrence

    Invoices are paid but showing unpaid on panel

    I am sorry to hear that you are having issues with payments. The gateway log is always the first place you should check for gateway related issues. You can access that in Billing > Gateway Log. There you will see the exact response coming from the payment gateway's system regarding why the payments are not completing so that should usually tell you what the issue is. For PayPal, this is most commonly caused by either IPN not being enabled on your PayPal account (so PayPal isn't notifying WHMCS of the payment) or something in the data they are sending that is causing the payment to not apply. The links provided by @brian! are a good resource to use when debugging this.
  9. That shouldn't occur under normal circumstances and may suggest an issue specific to your WHMCS installation. I'd recommend opening a support ticket (if you haven't already) so our team can investigate it further. Thanks!
  10. WHMCS Lawrence

    About cloudflare

    There appear to be some third party CloudFlare modules in our Marketplace at https://marketplace.whmcs.com . As for the official module they used to provide, my understanding is that it has several issues and it hasn't been updated for WHMCS versions newer than 6.3, so it is unlikely to work even in existing installations.
  11. WHMCS Lawrence

    Can't modify price, stays on free

    Hello, This is almost always caused by a third party addon installed in the /modules/addons folder. What I normally do when debugging this is move each folder out of the addons folder, reproduce and see if it is resolved. Once it is, it points to the last moved folder (and the addon it contains) as being the culprit. The others can then be moved back into the folder, and the offending addon can either be removed or fixed by the author to resolve it.
  12. WHMCS Lawrence

    Connection to Stripe timing out

    I am glad to hear that you were able to figure this out. Usually an SMTP-caused issue like this is due to either the server's firewall blocking connections to the SMTP server set under Setup > General Settings > Mail tab or an issue with connecting to the SMTP server itself. I'd recommend working on that and getting it corrected, as PHPMail() sent e-mails are generally viewed as less trustworthy by recipient mail servers (such as Gmail) and filtered out as spam as a result.
  13. WHMCS Lawrence

    POP3 Connection Error

    There is a case open at cPanel (CPANEL-26439 I believe) that deals with a particular "POP3 connection broken in response" error that sounds like it may apply here, and should correct this once they've resolved it in the Dovecot software that they use for e-mail. I'd recommend reaching out to them to see if they have a workaround or update regarding it and see if that helps.
  14. WHMCS Lawrence

    Nginx friendly urls

    As long as the nginx rewrites are re-implementations of the existing rules we provide in current releases in the .htaccess file, they should work. However a quick check of the ones provided in this thread reveals that they may all be incomplete in one way or another, so they may not work as expected in all URL writing methods used for the Friendly URLs setting under Setup > General Settings > General tab.
  15. That should work as expected 🙂 The main reason why I talked about keeping separate passwords is that sharing passwords between multiple logins (in this case their hosting service and the WHMCS client area) is considered a bad security practice and inadvisable. If their hosting service password was compromised somehow, the attacker now has a possible valid password to try on the client area, which they could then use to access it and possibly compromise their other services, domains, etc. as well. Separate passwords help to eliminate such a possibility.