Jump to content

nf_able

Member
  • Content Count

    7
  • Joined

  • Last visited

  • Days Won

    1

nf_able last won the day on April 11 2019

nf_able had the most liked content!

Community Reputation

1 Neutral

About nf_able

  • Rank
    Junior Member
  1. My install has been fine to date, but when creating a new invoice and publishing it, my system triggered a 504. I went to check updates, attempted to download a db backup and another 504. In cPanel I disabled modsecurity - then was able to edit my invoice (which it had created). Turned on WHMCS error reporting. Re-enabled modsec in cPanel and . And now was able to edit an invoice and create/email a new one. Now when turning off error reporting, I get a 403. == Checking WHM Modsec I see: 921130: HTTP Response Splitting Attack Request: POST /billing/master/configgeneral.php?action=save Action Description: Warning. Justification: Pattern match "(?:\\bhttp/\\d|<(?:html|meta)\\b)" at ARGS:emailglobalheader. 941100: XSS Attack Detected via libinjection Request: POST /billing/master/configgeneral.php?action=save Action Description: Warning. Justification: detected XSS using libinjection. 941130: XSS Filter - Category 3: Attribute Vector Request: POST /billing/master/configgeneral.php?action=save Action Description: Warning. Justification: Pattern match "(?i)[\\s\\S](?:!ENTITY\\s+(?:\\S+|%\\s+\\S+)\\s+(?:PUBLIC|SYSTEM)|x(?:link:href|html|mlns)|data:text\\/html|pattern\\b.*?=|formaction|\\@import|;base64)\\b" at ARGS:emailglobalheader. 941140: XSS Filter - Category 4: Javascript URI Vector Request: POST /billing/master/configgeneral.php?action=save Action Description: Warning. Justification: Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\b[^>]*?>[\\s\\S]*?|(?:=|U\\s*?R\\s*?L\\s*?\\()\\s*?[^>]*?\\s*?S\\s*?C\\s*?R\\s*?I\\s*?P\\s*?T\\s*?:)" at ARGS:emailglobalheader. 941250: IE XSS Filters - Attack Detected Request: POST /billing/master/configgeneral.php?action=save Action Description: Warning. Justification: Pattern match "(?i:[\\s/+].*?http-equiv[\\s/+]*=[\\s/+]*[\"'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))" at ARGS:emailglobalheader. 941260: IE XSS Filters - Attack Detected Request: POST /billing/master/configgeneral.php?action=save Action Description: Warning. Justification: Pattern match "(?i:[\\s/+].*?charset[\\s/+]*=)" at ARGS:emailglobalheader. 980130: Inbound Anomaly Score Exceeded (Total Inbound Score: 35 - SQLI=0,XSS=30,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): individual paranoia level scores: 35, 0, 0, 0 Request: POST /billing/master/configgeneral.php?action=save Action Description: Warning. Justification: Operator GE matched 5 at TX:inbound_anomaly_score. Any help of suggestions appreciated ... I'm using OWASP 3 rules Much thx, nf
  2. Thanks ygg! 1) I see on the System Health Status screen a warning for PHP Mismatch I checked and rechecked and ended up with what I had when I posted /opt/cpanel/ea-php74/root/usr/bin/php -q /home/MYDOMAINFOLDER/public_html/WHMCSDIR/crons/cron.php and just waited 24 hours and it seems to have cleared up. Honestly I did some in WHM as well (this is on a VPS) and not sure which option I might have altered made the difference, not very scientific. Just followed all advice I could find and waited, now the error is gone. 2) I also see a Needing Attention alert for Error Reporting Ended up being in my configuration.php file set to 'true', not in the WHMCS admin GUI 3) When I navigate to Pending Module Actions from the main dashboard, the resultant Module Actions screen appears for about 2 seconds and I am redirected to https://host.MYWHMCSSITE.com:2087 and I see a WHM login screen. I discovered I had an outdated module addon 'Import Assist' not compatible with latest version 8 WHMCS. Realized I was in a bind, couldn't downgrade to the PHP version that was compatible with Import Assist to remove b/c it would be below min PHP for WHMCS. So I just deleted the Import Assist folder in cPanel file manager, then in WHMCS - I just loaded the Pending Module Actions and clicked on 'Ignore' or 'Mark as Resolved' like 2 or 3 at a time, then page would time out and roll me over to that WHM login, and I'd go back and play that whack-a-mole process until they were all cleared. Now module actions page will load with nothing present. Thanks again.
  3. Hello everybody - I just kind of let WHMCS do its thing and over time that's been great for my modest needs. However I started reviewing the configuration file after discovering I had inadvertantly knocked out my cron by incorrectly moving the cron directory. I have just amended that and am now doing a inventory of the syustem configuratiojjn to make sure everything os kosher. 1) I see on the System Health Status screen a warning for PHP Mismatch Cron PHP Version Mismatch Your environment appears to be running a different PHP version (7.3.27) for the System Cron than the currently loaded PHP version (7.4.16). This may cause issues running your System Cron. 2) I also see a Needing Attention alert for Error Reporting Error Reporting Your system is set to display errors. While this is useful for some debugging situations, it can interfere with some operations and is a security risk. For more information please refer to our documentation. 3) When I navigate to Pending Module Actions from the main dashboard, the resultant Module Actions screen appears for about 2 seconds and I am redirected to https://host.MYWHMCSSITE.com:2087 and I see a WHM login screen. *Sorry for the 3 in 1 issues to post. Troubleshooting I've done for 1) above PHP mismatch - I've gone to terminal and verified cpanel is calling a php 7.4 by using the directions here: https://help.whmcs.com/m/automation/l/969680-identifying-the-php-ini-used-for-in-command-line-cron-engine Multi-php ini in cPanel is set for 7.4 in my home directory and WHMCS install public_html in php.ini / user.ini / .htaccess CRON in cpanel set to: (every 5 mins) /opt/cpanel/ea-php74/root/usr/bin/php -q /home/MYSITEHOME/public_html/WHMCS_DIR/crons/cron.php Also checked Utilities->System->PHP info in WHMCS and see Configuration File (php.ini) Path /opt/cpanel/ea-php74/root/etc Loaded Configuration File /opt/cpanel/ea-php74/root/etc/php.ini Troubleshooting I've done for 2) above Error Reporting Configuration->System Settings -> General Settings -> Other and verified all Error / Debug options at bottom are deselected ¯\_(ツ)_/¯ Troubleshooting I've done for 2) above redirect from Pending Module Actions Not sure where to start with this one... Any suggestions welcomed - thank you for the time.
  4. Great Chris - thanks for the notice on this! +1 on it looking more legit! I Thought we were just missing a logo, having the check break down image is great. Thx
  5. Much thanks, Mr. Downs! It's good to know someone will get their eyes on it! I appreciate the response. Much thx, nf
  6. Hi Brian - thank you for the reply. I have WHMCS thru the grace of my VPS provider at Liquid Web, so I don't think I *personally* have an account with WHMCS. I suppose I could ask my LW guys and maybe they could pester WHMCS on my account. Yes, it would take seconds to update. I'm at v7.6.1 Thx!
  7. Hello, I've found a broken link on line 34 of /modules/gateways/bluepayecheck.php The URL is https://www2.bankofamerica.com/creditcards/application/images/aba_routing.gif But there is not a resource there, and it renders as a '?' broken image link and looks bad to clients. Please advise. Much thx, Ryan
  8. Welcome to WHMCS.Community nf_able! We're glad you're here please take some time to familiarise yourself with the Community Rules & Guidelines and take a moment to introduce yourself to other WHMCS.Community members in the Introduce Yourself Board.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated