Jump to content


Level 2 Member
  • Content count

  • Joined

  • Last visited

  • Days Won


yggdrasil last won the day on November 10 2018

yggdrasil had the most liked content!

Community Reputation

41 Excellent

About yggdrasil

  • Rank
    Level 2 Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. yggdrasil

    iOS App

    I never saw any update for my mobile Android app...ever. They are not updated for years it seems.
  2. Does someone tried to add a second 2FA directly on the database maybe? I don't care to do this manually for my account even if it requires a hack but I absolutely need to add 2 FA devices per account. I know I can create a second staff account with the same privileges and even same password but that seems like annoying, having to be forced to use different admin accounts.
  3. yggdrasil

    I have had my joomla site integrated with WHMCS

    Of course, in fact WHMCS is designed exactly for that sort of services. Subscriptions based. You don't need to disable the account for non paying users. You can have a module that just disables the backup services/product, that way the customer can still log in and pay his invoice assuming that was the reason and have it reconnect automatically. Of course if you want to completely disable the account you can also do that, there are API's to do all this and WHMCS is perfect for selling online services, that includes not only hosting and domains but also online backups or any other subscription based product. Any service works just fine, that includes one time services, recurring services like every month, every year, licenses or other intangible items like software, etc. Its designed for service companies, so you can also support customers from their accounts. Why would you want to manage your backup customers on a different customer/account systems? You can just use WHMCS directly for that.
  4. yggdrasil

    WHMCS systems

    There is a modules garden module that allows you to resell domains and connect other WHMCS to your installation. WHMCS also has an API, so yes you can interface with WHMCS trough the API if you want, that includes accepting orders, manage services, etc.
  5. Do not use a proxy or VPN while making purchases online and you will not be classified as high risk. Its likely someone else is doing fraud using the same IP you are using to connect to the Internet. Its that or WHMCS is seeing other things as suspicious in the purchase. Antifraud systems are not perfect it might be a false positive.
  6. yggdrasil

    email monitoring question!!!

    1. You check all the emails sent to customers on the logs. Is that what you mean by monitoring? 2. No, WHMCS is not an email server. You need to setup that on your own and then connect it with a module to WHMCS.
  7. yggdrasil

    I have a few questions pre purchase

    It means the refunds are only for the WHMCS software/license but not additional services. I know this is confusing but the services WHMCS offers on their site or marketplace are not provided by them. They are just reselling them. Refunds are only for trialing out their software. You are ok making test users and test payments. The clause does not mean that, you are free to use and test the software, even with real users on the trial. If you are not happy after 30 days you can request a full refund.
  8. I'm not sure if WHMCS developers have realized this but WHMCS only allows 1 single device to be added as OTP (Google Authenticator, Authy, etc) or a hardware device like YubiKey per account. This is both for customers and staff 🤮 This is more or less pointless because everyone suggests having as minimum two in case you lose one device. Now, yes, you can backup them with Authy or even save the QR image from something like Google or Microsoft Authenticator making the whole idea less secure but the same is not even true for something like YubiKeys or other hardware keys. This is exactly why Yubico suggests buying 2, in case you lose one. For example most sites and accounts on which I enabled this let you have more than one key or authenticator enabled, usually up to 5. WHMCS only allows 1 and just one regardless of the type. Its either OTP and or YubiKey or Duo Key and for my nightmare its also limited to just 1 single of the same... This is extremely dangerous. Imagine you activate YubiKeys for your WHMCS staff and they lose them. Sure, you can deactivate it as admin but what if you are the admin and lost your key? You cannot use a backup key to log in and now need to mess the DB to reset your login. Even worse, what if you have a fixed key in your office and one on the go that you carry around? Now you cannot access WHMCS outside the office because again, only the fixed one plugged in the office is authenticated and you cannot enable your second key... Please WHMCS, this is just lazy implementation. Users and Staff both should be able to add at least minimum 2FA device per account. If you ask me, I would at least allow 5. But in the security world, you are not even suppose to use something like YubiKeys unless you actually have 2, one main one and one for backup.
  9. yggdrasil

    Android App

    Well it was working fine for me for years. For some reason now I get errors both on my tablet and phone. When I hit the button Predefined Replies I get: Error An unknown error occurred! If you tell me its working fine I will investigate what changed. Maybe a permission problem on WHMCS or something else. I didn't bothered to check any logs or dig into the issue because since it was happening on 2 different devices I assumed Android or WHMCS broke it, but since you are telling me its working fine I will double check on my side. It seems something is blocking the connection when it tries to pull the predefined replies from the server, tickets and other stuff seem to work fine. Maybe an API permission change. I will try to check later today. WHMCS 7.5.2 + Android 7.0 and Android 9.
  10. yggdrasil

    Switch to HTTPS for admin side

    No, your point is not valid. Nobody has control on what other websites do on the Internet. Some domains in our WHMCS are not hosted with us, we can't do anything if they are not redirected to HTTPS by default. Your logic is that we should contact them and tell them to please redirect to HTTPS so our staff or admin can avoid typing S in the address bar manually? Good luck with that! If I want HTTPS I should request that, not HTTP. Why would I request an insecure protocol when I want the secure one? Second, using HTTP and not redirecting to HTTPS is not a technical issue, it's a choice. Its not incorrectly coded either. Some domains might prefer to stick to HTTP for their own reasons, again, why should I or you or anyone else tell someone how they should manage their websites? You don't seem to realize that we are not talking here about what people do on their websites/server. Some domains might not even resolve because they have no hosting, or some are not redirect to anywhere...and are just dead. This has nothing to do with how websites are setup on a server. You are confusing things. We are talking here about how you open links on the admin side inside WHMCS for customers domains, not how people decide to setup their websites on what ever cloud or service they picked. You also contradict your own point. First you say WHMCS works perfectly fine (using HTTP on links) but then claim it's a technical issue on those sites... Why would you use HTTP and then redirect to HTTPS when you can use HTTPS directly? If you want one protocol, you should request exactly that, not something else and expect a redirection. Redirections have overhead, and they also take longer. Even if all websites in the world use HTTPS tomorrow, it would be really moronic to still link all websites to HTTP instead of HTTPS (because you assume they should redirect). Why would you prefer to have your browser take longer to load a site on every single click? Why would you prefer a web server to redirect first when you can request the correct request from start? Websites redirect to HTTPS because a lot of older software and protocols (just like WHMCS) use to HTTP by default. This is the main reason. It's a temporary fix, not a solution, you are not supposed to stick to redirections in the long run. If you want to go more technical, using HTTP by default means you are connecting with an insecure handshake first, before redirecting to HTTPS. In fact its not even allowed under HSTS anymore which means redirecting from HTTP to HTTPS is completely avoided, you should not even accept HTTP connections at all if you are planning to go that route: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
  11. yggdrasil

    Switch to HTTPS for admin side

    Yes, I understand this is why it should be optional. Maybe a switch on the settings to default links on domains to HTTP or HTTPS (admin choice). While not everyone has switched to HTTPS yet, I would say that the % now is more inclined to HTTPS than HTTP. I personally would prefer to open them in HTTPS now.
  12. yggdrasil

    Switch to HTTPS for admin side

    Did you even read what I posted? I'm talking here about WHMCS and the links you click on WHMCS staff side, not how someone has his website/server configured.
  13. yggdrasil

    Android App

    Is WHMCS going to ever update the Android app? Canned replies don't work anymore on the latest WHMCS updates. I tested this on 2 different Android devices with different Android versions. I'm starting to think they should just pull the Android out of the PlayStore if they are not going to maintain it anymore.
  14. yggdrasil

    Delayed Ticket Reply

    I know nobody from WHMCS is going to read this but I think a nice feature for ticket replies would be a delayed feature. Similar to how Outlook can delay emails. Imagine the scenario on which you reply a sales ticket outside of business hour or a weekend. Instead of the customers receiving the email and ticket reply immediately (could be annoying for some people), you could schedule it to be delayed until a specific time. For example in for Monday at 7:00 AM. You type the ticket reply, hit delay button, set the time/date and click Reply. As far as the staff concerns, the ticket is now replied but the on the customer side, they don't get the reply and email until that specific time. This would allow them to receive it on business hour for example and also give the impression it was replied on business hours while maybe you did it Sunday at 11 PM.
  15. yggdrasil

    Email Notifications Module

    I know and I'm very sorry for that behavior. Ohhh 🤦‍♂️. That is much worse then. Sub-accounts that don't have the proper access permissions to access a specific product from their main account could still access them as the passwords are leaked. I know it's a standard practice to state on emails that customers should change their logins once received by email (since email is not secure either), but lets be realistic. Some people don't and will always just use the defaults that WHMCS creates for them as they find it more comfortable just to log into their services directly from WHMCS.

Important Information

By using this site, you agree to our Terms of Use & Guidelines