Jump to content


Level 2 Member
  • Content count

  • Joined

  • Last visited

Community Reputation

19 Good

About penguin

  • Rank
    Level 2 Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. penguin

    cPanle redirection

    You would normally redirect to the hostname of the server or otherwise the user will get an SSL warning as the certificate will not match the url or IP address that you are redirecting them to. WHM itself also has redirect settings in the tweak settings section and will normally redirect to the hostname as well from there, so even accessing it by it's IP address it will then redirect to the SSL secured hostname
  2. penguin

    selling a dedicated IP address with hosting account

    You need the Configurable Package Addon in order to be able to automatically provision IP addresses: https://docs.whmcs.com/Configurable_Package_Addon https://marketplace.whmcs.com/product/30
  3. penguin

    cPanel Password Security

    cPanel passwords are visible in plain text under the username field when viewing the product details, which is where I assume the issue has arisen from. My previous comment still stands though - someone shouldn't have got that far anyway so the root cause of that access needs to be determined.
  4. penguin

    cPanel Password Security

    > How can this be prevented in future? My question would be how was your WHMCS installation compromised? If they had access to either your database or WHMCS admin access then encrypted passwords is the least of your worries as you would still have full access to everything else - an encrypted password with an WHMCS admin exploit would still allow someone access to the hosting accounts via single sign on, password reset, etc. You need to determine how this happened from a WHMCS perspective and secure this accordingly.
  5. penguin

    Time Based 2FA Not Working Anymore

    Have you checked the time on your server? This needs to be synchronised with a time server as drift will cause this to fail, being time based tokens
  6. WHMCS have come back to me regarding this and there is now a case CORE-12285 regarding this issue. They have suggested in the meantime creating a dummy £0.00 invoice to prevent clients from being deleted, however this isn't practical for general use as it would be confusing for customers having a zero priced invoice created and also it would mean tracking these as and when they sign up.
  7. We've been testing the new "Automatically Delete Inactive Clients" function that was implemented as part of the GDPR enhancements to automatically remove clients who did not have an invoice within a defined number of months. An issue has been noted however in that if a ne customer registers an account yet does not order immediately, when the cron runs their account is deleted as they have no invoice generated within the number of months specified. I've opened a ticket with WHMCS asking for clarification on the logic surrounding the deletion process to better understand this. If you are using this function and have any customers that have either not placed an order, or maybe use an account for support tickets only then there is a good chance they are going to be deleted so please be aware until further clarification has been given by WHMCS. If this is the case, I'd be interested to see what others think should be used to enhance this - should it look at tickets or logins within the same timeframe or have a separate timeframe for these? It certainly doesn't look good if a new customer opens an account and then hours later they are deleted because they haven't ordered.
  8. penguin

    Private WHOIS Protection Module

    You mention that this is in light of GDPR, however since this has been implemented it has effectively made Whois privacy as a service worthless as whois details are now hidden automatically and at no cost to the registrant
  9. Yes, this was omitted from the upgrade. If you download the full package you can just upload that separately
  10. It's because they are not passing a user agent with the curl request and so this blocks it. A simple fix but nothing from them for this yet
  11. We've got a bug open with WHMCS regarding this - the issue is that the check triggers a modsecurity rule as it's not using the correct curl syntax when checking the certificate. It's either a case of whitelisting the rule, or waiting for a fix from them to use the correct curl commend in this check. It doesn't have any operational issues though as you know the SSL cert is working correctly.
  12. penguin

    Health & Updates : Warnings and Failures

    For info, I've got a bug filed against this (#CORE-10834) - the reason this is often being seen is that the curl command is triggering a mod security rule due to no useragent being passed with the curl connection, therefore as WHMCS does not see a 200 response it shows as an SSL issue.
  13. penguin

    curl system health

    That's just a list of what they offer - you would need to check with them if they actually keep the packages up to date as the version numbers won't change for most of these
  14. penguin

    curl system health

    It's safe to ignore as long as you are on a Redhat/CentOS v6 server and it is fully up to date - you would need to confirm that with HostGator though if you're not managing your own server. Being a shared server however has no reflection on whether or not it is being maintained and kept up to date.
  15. penguin

    curl system health

    If you're running CentOS/Redhat v6 then you don't need to do anything. This is the shipped version and as long as your OS is up to date then this is secure. Redhat/CentOS backport fixes into the same version, therefore this will always remain as 7.19.7

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated