Jump to content

kingsleymensah

Member
  • Content Count

    62
  • Joined

  • Last visited

Everything posted by kingsleymensah

  1. Hey, i found the fix.... turned out there was nothing wrong with my WHMCS but one of my clients was taking backups and storing in file manager so basically i hit the limit of my storage. i found it and removed them ASAP.
  2. Hello, i have been using WHMCS for the past 3 yrs and just now a client placed an order and package creation failed so i went in there only find out that WHMCS cannot find find cpanel packages anymore. What could be the problem? https://prnt.sc/12x70p3
  3. Hello, i created a product group where i have assigned my new reseller packages i created to ( https://prnt.sc/utf4io ) I don't know why but they are not visible to existing clients ( https://prnt.sc/utf8he ) but only visible to new signups.( https://prnt.sc/utfa3s) where did i go wrong??
  4. Ok, so i solved this by switching the server group option to "Add to the least full server" https://prnt.sc/uszi4y Now a new issue has come up... I was able to fetch and assign the packages in WHMCS alright but now the product group does not display the reseller products to existing clients with existing products already https://prnt.sc/uszm2k P.S these are reseller packages i created
  5. Hello, I added a new server to my WHMS and test connection was successful !. I got to module section of setting up product but it cannot find any of the packages i created https://prnt.sc/uswnif The error message says "No server found" I actually added the server to a group too
  6. Hi guys, i received an email from someone claiming to be a pentester and he says he found a vulnerability in my WHMCS Here is what he sent: "I am a security researcher and I found this vulnerability in your website https://kingscel.com/ Bug type : UI Redress Impact : Phishing (account compromise) Description : Click jacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker. POC: <html> <head>UI REDRESSING</head> <body> <h1>WEBSITE IS VULNERABLE TO UI REDRESSING</h1> <iframe width=100% height=80% src="https://mydomain/whmcs/clientarea.php"></iframe> </body> <html> Impact: Any User can be lured in to click on whats look like a functionality of the website but is actually an attackers frame button containing some malicious javascript code or redirection code leading the user to a vulnerable site . And as the vulnerability persists even after the user is logged in which makes it even more sever. Suggested Fix: Add an iframe destroyer in the page headers. Please let me know if any more info needed ! Waiting for your reply and hopefully a bug bounty for responsibly reporting the issue ... Note: i am attaching a screenshot as proof of concept waiting for your response." Note: he just took a screenshot of my client area login page Should i be concerned?
  7. Well i just did but no errors displayed. could it be from the custom payment gateway module?
  8. I upgraded my php version on my server to 7.3 and whmcs broke. NB: i checked php version compatibility in WHMCS first which shows no compatibility errors before upgrading to php 7.3 Oops! Something went wrong and we couldn't process your request. Please go back to the previous page and try again.
  9. I realized port43whois.nic.gh seems to somehow stopped working so i changed to their whois form just like you did and it works fine now. Thanks a lot.
  10. Immediately i did that, i started getting error 503 on all WHMSC pages. They work fine when i delete custom whois.json file. Any suggestions here?
  11. with the custom file do i name it "whois.json" or i can name is lets say "gh.whois.json". Also do i have to duplicate the extensions of "dist.whois.json" to custom file or i just have to list in there the only custom extensions i would like to add.
  12. Never mind guys, i got it . It seems the problem was from the registrar. i realized even their whois page was not resolving but after some hours now it started working.
  13. As always after updating whmcs i go to dist.whois.json file and add my CCTld there but after this upgrade it is not working anymore. https://prnt.sc/qs1ewh here is a screenshot
  14. Hello, i recently realized i wasn't getting tickets notifications and i found they all going to spam which is bad because i dont get any notifications on that which brings about delay in ticket replies. I have piped the department emails to my live (microsoft) email.
  15. If you can get the whois for cv to work then you can set email notification(navigate to settings>>products>>domain registrar). activate and configure email notifications from the options. Now when your customers search and available they can place order with you normally just like other extentions then WHMCS will send you email notification without customer knowing . Then you login to WHMCS admin dashboard, find client details used to place the order then quickly go to the .cv registrar and use same details to place order manually and set nameserver as well. Done!!
  16. If If they dont have then you have to buy manually from the registrar
  17. Oh no, some domain registrars provide a plugin you can use... i use namesilo for instance. you signup on their site or contact the provider and ask them if they have a plugin for WHMCS to resell domain. Some have, some doesn't have.
  18. Yep!... i think it is the same issue. Your hosting provider has limited port 43 whois access. Sorry about that.
  19. Hey , sorry i didnt see the last line of your post where you mentioned .cv extension. Well, i did a little digging on the .cv extension. Kindly try "uri": "socket://whois.dns.cv"
  20. which whois (extension ) do you want to add?.....You need to find the main registrar for that extension. for instance, if you need a cctld like .gh extension you will go to the main registrar which is http://nic.gh/ then perform a whois search of a domain with that extension(.gh) and you might find the whois url for the at extension just like the image i just uploaded. If you dont find it in the results, kindly contact them and they will provide
  21. i just tried it out so now waiting for a while to see if it fixed it. Secondly, When clients signup or login, their last login ip or signup ip is always same...looks like the ip address of my hosting privider(different from ip i was allocated)
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated