Jump to content

IoxHost

Member
  • Content Count

    34
  • Joined

  • Last visited

Community Reputation

0 Neutral

About IoxHost

  • Rank
    Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Just about to reply to your support ticket..
  2. Just to clarify, this community account is the owner of WHMCSnow.com (you are not allowed to have "WHMCS" within a username on here. WHMCSnow.com does store a license key which works correctly to prevent calls to the server often. The issue occurred for a few customers who was unlucky enough to have the local key expire and the licensing server returning a 500 ISE due to an issue with an upgrade. The issue with the grace period would occur to anyone who uses the WHMCS license system, and the customer local key just expiring at the same time as there is an issue with the license check. You can see this is an issue as it has happened to WHMCSnow.com and BusyRack as reported by Chris74. We have patched the issue with the grace period for our own addons in the chance that the licensing server has an issue again. We use a highly customized version of the WHMCS Licensing System which is why this affected us. The method you said regarding using the WHMCS license key works and is what WHMCSnow.com uses.
  3. I would say this is an issue as many developers base their code from the check_sample_code.php file, it has not only affected my customers but BusyRack 's as wekk. It took me a couple of days to find this issue and to resolve it. The issue occurs when the local key is invalid and the remote server check fails. WHMCSnow.com uses license keys to validate instead of IP/domains for the reason you mentioned. I don't think this causes a security issue if hashed in a 1 way encryption with a seed, WHMCS license keys are linked to a server and would need to be re-issued in WHMCS billing platform before they would be any good to anyone.
  4. So in the /modules/servers/licensing/check_sample_code.php file which is how a developer would license their addon you can see the following. Line 53, $check_token is generated which is a MD5 hash. The licensing server uses this $check_token along a secret key and returns this as an md5 hash which is then store in your local license. Line 60, within this if statement it checks to see if this local license is valid, lets say this has expired, as it has expired a remote license check needs to take place. Line 98, within this if statement the remote check will take place. Line 150, within this if statement, you can see if the response code from the server is not 200 then it will see if the local key is within the grace period, if it is then that license will be set. Line 170, within this if statement is where the issue occurs, the local key has a md5hash so this if statement is run. Line 171, The md5hash from the local license is checked compared to the $check_token which is generated on line 53, which is different each time the script is run. The $check_token will never match the md5hash in the local key which renders there no grace period in the licensing system.
  5. This confirms the issue that I found and reported in the WHMCS Licensing System. WHMCSnow.com released an update last month which fixes the issue which causes the grace period not to work.
  6. The issue with our website was to an upgrade and then our antivirus periodically removing one of WHMCS' core files. With regards to the issue with the grace period, we have found and patched an issue with the WHMCS' Licensing Addon which renders no grace period if the license is expired and the license server is not responding correctly. I have reported this issue to WHMCS and they have created a CaseID: ADDON-6030 to investigate this issue further.
  7. Hi Tod, It is your decision to decide if you think it is safe to use a 3rd party developers code on your site. I created this module and I plan to keep my reputation that I have built online. Daniel Collins BSc (HONS)
  8. I will have this implemented in the next update, along with skipping certain file extensions.
  9. I have updated the download link so you can use the same loaders as set out in the WHMCS system requirements.
  10. Can you upgrade your ionCube loader? I'm trying to get a new encoder which will allow an older loader.
  11. Some good tips there, WHMCS' Official Further Security Steps can be found here
  12. Same with Windows and a Mac
  13. Security is vital within any business and is something that needs to be actively monitored. The File Monitor for WHMCS will scan your WHMCS files recognising when a file has been modified, created or deleted and then notify you via email. Features: Records files MD5 (and/or) SHA fingerprint Notification when file has modified Notification when a file has been created/uploaded Notification when a file has been removed/deleted For more information, screenshots and support, click here
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated