Alfahmad

Thanks I don't think it's server info issue, because we can manual suspension from WHMCS after we change client password. My question does the password need to be correct in order to suspend an account?

Hi How would the account suspension work? Do you need to have both the exact user name and password for each account? or only the user name no matter of the password which stored in WHMCS ? because lately we discovered that there are few accounts that expired, and there status in WHMCS are suspended, while the account is working. We though this might be due to inexact between the password stored in WHMCS and the real password where the clients might be change it from the cPanel.

Would you name few please?

Thanks Arhineus I am talking as an admin in previous version things are great .. I would love if we sort the invoices in the same way. faster ...

Hi Thanks Matt for your great work with WHMCS we just update the software to latest version and we notice that under invoices client's the old invoice show up first .. while the new invoice show last and sometimes page 2 since most of the time we deal with new invoices is there any way to show new invoices first? regards,

Matt .. when this issue will be fixed? regards,

Thanks Matt this is very important feature to many accounts not suspended due to any reason .. we usually suspended them manually when we get the report with suspended failed now we need to look for account's in the hard way

Hi before the upgrade we used to get in report which account has been suspended and if there is any suspension files now we get only how many accounts suspended ... only with no details 5 Accounts Suspended 4 Accounts Terminated is there any way to know which account has been suspended? regards,

this is the massage from WHMCS Renewal Successful! The domain has been successfully renewed for 1 Year/s but each time we need to log in to DirectI ... and complete the transaction .. as the domain under pending payment ..

Yah there is funds, and it same account we use to register a new domain and we can register a new domain with no problem .. when we click on renew domain .. we get massage .. that domain renewed successfully .. but the truth that we need to log in to DirecitI .. and complete the transaction .. as the domain usually under pending payment .. and not renewed

thanks we can register a new domain with same setting .. only we can't renew any domain

Hello it's almost more then one year with WHMCS NOW we have domains that already registered with directI last year through WHMCS .. when we need to renew those Domains .. from WHMCS .. we get a massage .. Domain renew successfully but actually the domains only in pending payment and we need to log in our control panel with DirectI and complete the payment .. any advise regards,

So, why we don't add more features .. even if your email hacked .. somthing else needed to hack your 25 servers .. and your domain reseller accounts .. a new layer of protection I do agree there is no 100% preotections .. but as many protection we have as good we are

MACscr I have the log file .. where the hacker .. first hack my Email then he just click on forget password .. and log in WHMCS as admin and then he hacked 25 servers .. plus enom and directI I have the log file .. I know the first step was my Email .. but it's that easy if some body access my Email .. he will hack 25 servers plus two domain reseller accounts .. only coz WHMCS? what I am trying to think of .. we should put more protection in server managements plus the way we can access it from WHMCS .. this is all what I am asking ..

Thanks ADAM we deal with more then 25 servers .. and when some body hack our WHMCS account he hacked 25 server plus DirectI and Enom accounts what I did in my first post is copy and past from phpmyadmin .. the passwords you can see them .. and they are non encrypted ,, this how the hacker can get an access to DirectI and Enom accounts CHOMD 777 disabled we don;t run CGI phpEXE run on our servers Suchion we do run virus and trojan scan in daily basis Register global disabled on our servers we have port limit to IP address in SSH lo gin with all of those .. if some body has an access to WHMCs admin account .. nothing of all above features will help you .. and 25 servers will hacked in 5 min's some thing that I can thing about .. log in to server management from admin area should has other password !! at least some more protections .. where we can feel safe This is an open discussion .. for every body how to improve the security in WHMCS regards,

will try to go through those steps and then you will hack the whole servers .. what ever servers linked twith WHMCS .. plus you will hack any reseller domain name account .. you will have an access to all of those .. if you hack WHMCS it's true that you should protect your WHMCS account .. but still since WHMCS will deal with all of my servers plus all of our domain reseller account .. the log in should more harder .. how could we use https log in ! with whmcs ? BTW I love WHMCS .. regards

the hacker has an access first to WHMCS then he logged in to server management then he logged in to WHM then he looked as root .. then he changed the password of particular site then he looked to this site then he looked to phpmyadmin so the first point was from WHMSC easy log in .. is there any way to increase the security at this level? regards, Ahmad

I think the problem is easy log in to WHMCS and this should be secured more ..

Regardless if there is server has been hacked or no .. the important point is .. if some body has an access to WHMCS .. as full admin .. from server managements he will have an access all servers listed there just by on click .. there is no any relation with server security with this and on other hand ... if the hacker has an access to phpmyadmin .. he can hack also all of your Domain accounts only because the hacker can list what ever password you have .. regards, Ahmad

Thanks Trine a three servers plus an account with DirectI and an account with Enom has been hacked .. because some body has an access to phpmyadmin .. will if the hacker hack only the web site .. would me much better the hacking three servers .. and 400 accounts on them .. plus domain reseller account .. only because the WHMCS store the password as clear text file on the data base

this is big problem with WHMCS if some body has an access to phpmyadmin .. and can reach the data base he can see the passwords written in the data base and he can hack all tour servers .. plus all of your domain names accounts ex: directi Username ****@****.com Edit Delete 2 directi Password dfhjeyf874e Edit Delete 3 directi ParentID 1 Edit Delete 4 directi CustomerID 45456756 Edit Delete 5 directi DemoMode Edit Delete 6 enom Username ***** Edit Delete 7 enom Password 45t87d_rg Edit Delete 8 enom TestMode also server passwords .. ect .. ect .. those passwords should be encrypted ..

Hello the directI was working with us very fine ... few days ago we notice that .. when we register a new domain .. the registration process stop after entering the name server .. and nothing appear .. then we need to register manually through the DirectI admin area .. Any clue ? Regards,

Hello there was an automatic suspension when due invoice paid .. now .. when due invoice paid .. we need to un suspend the account manually plus white blank page appear after payment made from the invoice regards,

Hi since we upgrade to V3 when ever we mark any new domain invoice to paid .. we get this massage Invalid query: Unknown column 'autoreg' in 'field list' Whole query: SELECT autoreg FROM tbldomainpricing WHERE extension='.net' regards,

Thanks wehostem I think you are right if you are using Enom but we are using directI Thanks joacts