desynced

Seriously, I know the last couple of years have been nothing but headaches with WHMCS, but why cant they follow guidelines for Unsubscribe information on their spammy emails? (Enom, PayPal, etc) It's going to be nice when you all will have yet another security update that people will miss because your emails are going to the spam folder because you guys cant follow simple guidelines.

Ooops. I searched for ResellerClub but didnt think it was multiple registrars. Thank you.

WHMCS Version: 5.3.5 I'm using ResellerClub and twice this week we're having problems with transfers. This time it's with GoDaddy. Confirmed the domain is not locked on GoDaddy's side. The customer enters the authorization code from GoDaddy: 2C4.28013BC&4649 Everything goes through till the email coming from ResellerClub with the authorization link. Click on it, and it says the transfer is initialized. Almost immediately I get an email saying: I've tried it twice through WHMCS, I copied and pasted the authorization code and typed it in manually. Both times it says the code is wrong. But when I sign into domains.whmcs.com and do the transfer through there, with the same authorization code, the transfer goes through just fine.

Another bug: Using the ResellerClub module, WHMCS 5.2.1 says domains are successfully renewed. When you log into RC, the domains are not getting renewed. (Double checked that the API code was correct). (Edit: This part is not a bug. Read update notes at the bottom if you are having this problem) Also on our nightly cron job to sync the expiration dates with WHMCS, we get the error: Down for Maintenance An upgrade is currently in progress... Please come back soon... Also visiting the module in a web browser shows the same error. https://domain.com/whmcs/modules/registrars/resellerclub/resellerclubsync.php WHMCS is not set in maintenance mode. Update: This one is my fault. I must of overlooked the new cron changes in the change log. This module was removed and the new crons are in the /crons/ directory.

http://docs.whmcs.com/Payment_Gateways#Merchant_Gateways

Our's said there was an update available till we upgraded to 5.2.1 (we were using 5.1.4).

Just a FYI, I was able to submit a ticket finally and they are logged into my server and checking out the issues.

We got the security notice today and upgraded our system to 5.1.4. It was working fine but noticed WHMCS still said there was an update available and found out 5.2.1 is now stable. We upgraded to 5.2.1 using the instructions (extract, rename admin folder, backup database, upload and overwrite files/folders). Now admin account can no longer log in, saying invalid password. Using the Forgot Password link, we enter the admin email address, get the link to reset the password, and we get the error "Invalid or Expired Link Followed. Please try again.". Tried it a couple more times, each link causing the same error. So we tried to log into a user account, still got an invalid password. Did the reset password link on that page, got the email, clicked it, this time it says "Password Reset Successful" but we do not get an email telling us what the new password is. Been trying to enter a ticket but when we submit the ticket, we get the error: Service Temporarily Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Same here. New orders using PayPal have been working fine and subscription payments are working also.

Sorry, I meant "Click log in as a current customer" not actually log in as a current customer. Then log in as a customer that does not have an account on your WHMCS system.

Can someone try this for me? Go to WHMCS's customer portal. Check a domain name, add to cart. Do the options and name servers, update cart. Log in as a current customer. When you sign in, use a email address and password that ISNT registered in your WHMCS. Does it take you to /cart or /cart.php? Mine is taking me to /cart?incorrect=true This is the only way I can duplicate it (above steps). If I sign in as a current customer with the correct info, it works fine.

I was thinking nulling out the tables would do it, but was making sure it didnt screw up WHMCS or I was missing a button/setting somewhere. Thanx

We're no longer keeping credit card details on WHMCS. So we set the option not to store it. But the credit card info is still there. Is there an easy way to remove all CC details from all customers at once instead of going one by one and removing it?

Uhh yeah, there's already a thread on this. http://forum.whmcs.com/showthread.php?47668-Password-reset-link-not-working

That's what I'm trying to do. My original password is not working. Thus why I need to do a password reset.

8 hours later, I have not received any emails and I did the password reset twice last night. Checked spam folders, nothing but Russian pill spammers in there. Getting all other emails just fine. I know Matt has been changing servers, etc, for WHMCS, but is anyone sure the new IP address for the forums isnt on any of the major blacklists? (SpamCop, etc) If so, now I can see why I'm not getting any of the emails.

So what does the gateway log say why its being declined?

Same problem here. Reset password and no email is coming (at least for 20+ minutes now). But I'll wait longer.

Wow, seriously? You all have to order a new credit card. Are you seriously running a business with just 1 credit card available? Is this even really a business or a hobby? The license issue only effected your /admin/ login, not your customers. Everything on the customer side (taking orders, making tickets, reading your announcements, etc) works just fine. Funny how none of the larger hosting companies using WHMCS arent on here complaining about any of this. But then again, I'm sure they're not running their "business" with 1 credit card. If its this much of a problem, take some cash out of the bank, go to Walmart, get a prepaid Visa debit card, and run your business from that till PayPal sends you a new debit card. sheesh. This is as bad as the hosting "businesses" even posting WHMCS has been hacked in their announcements. Why even bring this up if it doesnt effect them? "HerpDerpHost: Our billing software website got hacked. But your info is ok!" Yeah, lets cause fear and confusion to your customers, good business practice!!!

Reading this thread has popped up a question I have to ask? How long have you all been in business? The ranting of WHMCS isnt going to go on anywhere. This stuff happens, welcome to the internet. First day here? I can remember around 2000 that really nothing was safe. Exploit here, exploit there, etc. The only safe way is to store everything in something like Quickbooks on a computer that doesnt even connect to the internet. But then you wouldnt have 90% of the features that WHMCS does for you would you? ClientExec. v2.x This was our first major "web based" system. We have a few RackShack servers and a couple scattered around. Then our data in this kept screwing up. For days we couldnt figure out why things were disappearing and changing. Then finally it was known.. http://secunia.com/advisories/17756/ With that, plus other bugs, we decided to move on. ModernBill v4.x It was great but some serious exploits were coming out. Cross scripting, remote exploits, etc were a big fad. Our ModernBill system got hacked while waiting for those guys to come out with a patch. Not only did they get our data, but they took full control of that server. I would say we had a couple dozen dedicated servers with RackShack (before ThePlanet) and maybe another dozen scattered around at other datacenters back then. So we have quite a few customers we have to contact with the "Sorry, but our software has been hacked and now the internet has your credit card info" emails. We lost about 40% of our customers from that. Then ModernBill 5 came out. Some of you might know how much that version was. http://secunia.com/advisories/32529/ Shortly after this, then we were having customer sites getting hacked with an exploit through the control panel we were using... Ensim. Lost more customers. So we migrated to LXAdmin's control panel. Major exploit comes out. The main dev of it commits suicide. Yeah, no fixes and everyone is confused if LXAdmin is even going to get updated, by who, etc. Guess what? You guessed it. More customers calling and emailing and leaving. Yeah, its time to move on. Now we're a DirectAdmin and CPanel shop. Both been great since then. After posting on several forums about what is good, there's WHMCS that people are recommending over and over. I check their site, they support everything I need (payment, control panels, etc) and they've been great. I havent had any problems in 3+ years with their product (well maybe some minor upgrade hickups) and right now their web site got hacked, but not by an exploit or bug in their software. By this and the ignorance of HostGator (still not confirmed?), they were able to access WHMCS's main database, site, cpanel, etc. Then they put it on the internet. I found out when I get a call from an admin asking if I've logged into WHMCS yet that morning. I told him no, and he said when I do, check out the news feed inside. Yes, the feed from Twitter. Right away I assumed my WHMCS setup was hacked. After 2 - 3 minutes of extremely high blood pressure, I finally realize that it's not me, but WHMCS's site. So, I read the twitter feeds which several feeds besides the hacker is releasing news about WHMCS being hacked just scrolling by. You have thousands of people on the internet that is now the reporters of the world. Blogs, news sites, forums, etc all posting about WHMCS being hacked and linking screen shots of the defaced site, links to the files, etc. So yeah, I did download the files. I am so sorry that I wanted to see what they got and is it any way going to concern me and my business. For anyone ranting "Shame on you people downloading...", why are you not concerned if your info is inside? At the time I couldnt log into WHMCS to see EVERY ticket I've made over the years to see what info I supplied them. Do they have my admin password? I know I make temp accounts and when the job is done, delete the accounts, but did I ever have to give them a MySQL username and password? Root's password? I'm 99.9% sure I didnt, but.. damn right I am going to download these and see what data is now freely available to thousands or millions of people that would do something dishonest with either my credit card or any ticket information. Now it's when I have to see the bottom line. Yes, I may have to call and get a new card. I have others. I can wait a couple weeks for a replacement. I would hope you would too. But I would also hope you are smart to change passwords often. I would hope you are smart enough to make temp accounts for WHMCS to use and deleted them when they finished whatever they needed to do. If you did, any ticket info is invalid since passwords have changed, accounts are gone, etc. Yeah, I now have a text file/database full of credit card numbers, names, addresses, phone numbers, etc. Am I stupid enough to risk the rest of my life and use any of this information illegally? No. Just like I would hope all of us wouldnt and just wanted to see if any information would effect them. We're the ones effected, we're not the ones that have never even used WHMCS, never heard of it, dont care what WHMCS is, just get the credit card numbers and roll! So shame on me? Whatever. I did what was best for me and my family and my business and that was to see if all 3 of those are safe. Actually now I'm not even sure why I downloaded the other 2 files (whmcs site files and whmcs cpanel files) since I could really give a s**t about those 2. I have WHMCS and CPanel, except the DB link wasnt working for a while so I thought maybe the DB was included in one of the other two. Is this going to effect me? Wow, I spent a couple minutes changing my WHMCS.com password and changing passwords for anything that had to do with my WHMCS setup. Did I need to change my WHMCS passwords? No, but it just made me feel a little better inside with everything going on. Is this going to effect my business? I doubt it. My customers data is still safe. I dont have to send another "Oh no. I been hacked again. Your credit card isnt just yours any more." emails to my customers. Im not going to lose a bunch and have financial problems for the next several months because of this. I can still use WHMCS. You pissed off? You want to leave WHMCS? Fine. Go ahead, really. Now I'm wondering how many of you are even stable enough to run a business. Do you only have 1 credit card or debit card running your whole business? What if you lost your wallet? This crap is only effecting you. Not your customers. Not your business.

I have a friend that used InternetSecure for 4 months before cancelling with them (confusion regarding answers with presales questions, it was my friends fault more than InternetSecure) and he didnt have any of these problems. Its kind of hard to believe these statements as they are recommended so highly on several sites like WebHostingTalk and no one else has posted anything like this. If it was a Authorize.net reseller like OnlineDataCorp, eDataOnline, whatever name they are using now, then I would believe it more (but thats another story). As a side note, my friend and I both are using First Data now and have been very happy since we've been with them. If they are partnered with your bank, you can get some huge discounts with them.

Well if you read the news feed inside of your WHMCS install, you have links to the DB, their website files, and their CPanel files. DB in rar (compressed) is 64MB, but the database itself is 806MB. WHMCS web site in rar is 249MB. "All WHMCS files including CPanel" in rar is 1.7GB. So on that note, I think they got mostly everything. Also opening this in Notepad or Write makes Windows cry. I found things by uploading it to a linux box and greping everything (last name, etc).

Is there a log file somewhere to see why WHMCS is not suspending accounts on some DirectAdmin servers?

Not sure what effects this will take on WHMCS, but thought I would pass it on in case you guys need the time to fix anything. I do have a few customers that pay with a Mastercard prepaid card. New MasterCard and Discover Processing Requirements Dear Authorize.Net Merchant: MasterCard and Discover are modifying their rules concerning the processing of debit, prepaid and gift cards. This e-mail includes important information about the new requirements and the timelines regarding Authorize.Net's support of the requirements, so please read it thoroughly. MasterCard's rule changes go into effect May 1, 2010, and Discover's rule changes go into effect April 16, 2010. However, Authorize.Net, MasterCard and Discover have worked together to extend these dates for all merchants using Authorize.Net solutions. Our merchants will now have until June 30, 2011, to implement support for the requirements within their systems. What are the requirements? MasterCard and Discover are requiring that all merchants support the following: + Balance response transactions — For prepaid and gift cards, once the card has been used, the remaining account balance will be transmitted along with the authorization response. The remaining balance must be printed on the customer receipt, displayed on the Web page or point-of-sale terminal, or both. + Partial authorization transactions — When a customer's transaction amount exceeds the balance available on their debit, prepaid or gift card, instead of declining the transaction, a partial authorization for the amount available to the customer will be returned. This will allow the customer to pay for the remaining amount with another form of payment. This is called a split-tender transaction. + Authorization reversals — An authorization reversal is a real-time transaction initiated when the customer decides that they do not want to proceed with the transaction, or if the merchant cannot complete the transaction for any reason. Authorization reversals free up the customer's available balance on their debit, prepaid or gift card. What steps is Authorize.Net taking to support these requirements? Authorize.Net will be updating our systems over the coming months to support the requirements, but will be dependent on each processor's readiness. For a table of when we anticipate we will support the requirements with each processor, please visit http://www.authorize.net/support/pafaqs/#when. What do I need to do to support the requirements? The steps that you will need to take to support the requirements depend on how you connect to the payment gateway. For example, if you connect using a shopping cart, point-of-sale device, or other solution, you will need to contact your solution provider to confirm that they will be supporting the requirements. If you connect using a direct integration, you should contact your Web developer for assistance. Please direct your Web developer to http://www.authorize.net/support/pafaqs/#do for information on the changes they will need to make. Do I have to support the requirements? MasterCard and Discover are requiring all merchants to support the requirements with the exception of merchants that exclusively process transactions via batch uploads, mail order/telephone order (MOTO), or recurring payment transactions. Your Merchant Service Provider (MSP) is ultimately responsible for determining if the requirements apply to your business, so please contact them for assistance in determining if your company is exempt. Once again, these requirements will not be enforced for Authorize.Net merchants until June 30, 2011. However, we wanted to bring them to your attention now so that you have plenty of time to plan for their implementation. For more information on the requirements, including how they affect our value-adding services, please visit our FAQ page at http://www.authorize.net/support/pafaqs/. Thank you for your attention to these important changes and for being an Authorize.Net merchant. Sincerely, Authorize.Net

Seeing if the upgrade is worth it would be nice.