Jump to content

WHMCS-CSF Auto Unblocking Module - Let you customer unban themselves - Save 25%


Recommended Posts

Are your clients, resellers or resellers' clients always locking themselves out from your server because of too many failed logins?

 

Is your help desk always filled with IP unblocking requests?

 

With the WHMCS-CSF Auto Unblocking Module you can now give the unblock power to your hosting clients.

 

Module Features

 

  • Remote calls without needing SSH access (root access is needed initially to setup the permission and ownership for the files and the cronjobs)
  • No special PHP extension is needed
  • External access safe (Hash is checked before anything is executed)
  • Check for both deny list (csf.deny) and temp ban list (csf.tempban)
  • Email notification to the admin when a CSF rule is being taken off the list
  • Regular hosting user and reseller hosting user mode (the mod will automatically get the regular hosting user, while reseller hosting user will the option to search for a client's IP address in the block list)
  • Customizable messages
  • Template integration

 

Requirements:

 

  • Working installation of WHMCS
  • Root access (need for remote server setups, not needed for encoded module operations)
  • Two or more servers with CSF installed (the WHMCS installation should not reside on the same server as your clients)
  • Remote servers must be HTTP accessible
  • Cronjobs must be working on remote servers
  • mail() must be enabled for admin notification

 

Pricing Information:

 

Yearly Leased - $29.99 per year - [Order]

Owned with 6 months support + updates - $45.99 - [Order]

 

 

If you have any questions, feel free to contact us

 

Screen Shot 1 - Admin Management

Screen Shot 2 - Reseller client

Screen Shot 3 - Regular Client

Screen Shot 4 - Client when suspended (checking disabled)

Screen Shot 5 - Blocked Message (customizable)

Screen Shot 6 - Unblock success (customizable)

Edited by bear
by request
Link to comment
Share on other sites

  • Replies 184
  • Created
  • Last Reply

Top Posters In This Topic

Hi,

 

I'm interesting in your module

 

What are the difference with this module ? http://whmcsgold.com/csffirewall

 

Is the source available ?

 

Regards,

 

Michel LAURENT

 

The concept is the same, but the codes are completely different. We developed this mod completely from scratch. But I have heard the support is non-existence from the forum posts that I have read for the other product.

 

The source is not available. Except for one php file which runs as root.

Edited by lonea
Link to comment
Share on other sites

Is it possible to buy the source ?

 

I'm asking this because I buy encrypted code in the past and the problem is that you depend of the developer for the updates. So I don't want to do this again...

 

Is a demo or trial version available ?

 

Thanks,

Link to comment
Share on other sites

Is it possible to buy the source ?

 

I'm asking this because I buy encrypted code in the past and the problem is that you depend of the developer for the updates. So I don't want to do this again...

 

Is a demo or trial version available ?

 

Thanks,

 

We understand how you feel about encoded script. However given the low price point for this module. It wouldn't make sense if we offer the source to you. As usually the source codes usually go for couple times of the product sale price. For that price you could have easily gotten a freelancer and write a similar mod.

So please understand our stance on this.

 

We also dont plan on stopping the support of this module anytime soon. Unless the mod itself is EOL and we are writing an updated script from scratch.

 

We can offer you a trial for the module. Please contact our sales to get it setup.

Link to comment
Share on other sites

I'd say it's a bit of both. The other CSF unblocker just required you to upload two files and add a cron, it didn't need any accounts created, passwords setup etc etc.

 

Understandable. I think we just gave too many available options which made the install longer than it should be.

 

For example, we didn't need to add the web inaccessible path and the different password for each server. But then it is for added security.

Link to comment
Share on other sites

Is the installation instructions just not well written or is the install too cumbersome ?

 

I'd say it's a bit of both. The other CSF unblocker just required you to upload two files and add a cron, it didn't need any accounts created, passwords setup etc etc.

 

 

I would agree with Daniel there.

 

The instructions (for an average admin) are not easy to understand.

 

Experienced admins wont have any issues installing this, however the install is quite time consuming.

 

We've got this now running on all our shared servers for cPanel and so far, so good, but yes, very time consuming to install/configure, especially for those with a large number of servers.

 

That said, it would be ideal if you could add the ability for the script to distinguish between Plesk/cPanel servers, as we have cPanel servers and Plesk servers. The plesk servers do not run CSF and yet the unblock option is available to those customers, so it would be good if the script could identify this and remove the unblock option for Plesk servers.

 

I'm not coder, so I have no idea of how this could be done, but I'm certain it could be.

Link to comment
Share on other sites

I would agree with Daniel there.

 

The instructions (for an average admin) are not easy to understand.

 

Experienced admins wont have any issues installing this, however the install is quite time consuming.

 

We've got this now running on all our shared servers for cPanel and so far, so good, but yes, very time consuming to install/configure, especially for those with a large number of servers.

 

That said, it would be ideal if you could add the ability for the script to distinguish between Plesk/cPanel servers, as we have cPanel servers and Plesk servers. The plesk servers do not run CSF and yet the unblock option is available to those customers, so it would be good if the script could identify this and remove the unblock option for Plesk servers.

 

I'm not coder, so I have no idea of how this could be done, but I'm certain it could be.

 

Points taken. We will write a mass deploy script once we have finish this up coming update. This new update does include a sync finish which will import all the listed servers in WHMCS to our module.

 

The plesk problem can be solve by changing this code in the template file.

 

{if $type == "hostingaccount" && $status =="Active"}

 

to

 

{if $type == "hostingaccount" && $status =="Active" && $modulename == "cpanel"}

 

 

Just change it to all three occurrence in the template.

 

Thanks for all the support so far. Cheers :)

Link to comment
Share on other sites

Ionea,

 

Just a small change/addition/modification to your template coding so it looks a little prettier to the customer:

 

The below code is specific to users who have both Plesk and cPanel servers and only want to show the CSF removal module to cPanel only customers:

 

Replace:

{if $type == "hostingaccount" && $status =="Active" && $modulename == "cpanel"}


{php}$clientip = $_SERVER["REMOTE_ADDR"]; 
$clients = getclientsdetails ($_SESSION['uid']);
$_SESSION["hash"] = $clients["password"];
$_SESSION["hash"] = md5($_SESSION["hash"]);
{/php}

{if $type == "hostingaccount" && $status =="Active"}
<form action="csf_checkban.php" method="POST">
<input type="submit" value="Check Firewall Block" name="firewall">
<input type="hidden" value="{$server.ipaddress}" name="ip">
<input type="hidden" value="{php}echo $clientip;{/php}" name="clientip">
<input type="hidden" value="yes" name="single">
</form>
{/if}

{if $type == "reselleraccount" && $status =="Active"}
<form action="csf_checkban.php" method="POST">
<input type="submit" value="Check Firewall Block" name="firewall">
<input type="hidden" value="{$server.ipaddress}" name="ip">
<input type="hidden" value="{php}echo $clientip;{/php}" name="clientip">
<input type="hidden" value="yes" name="single">
</form>
<form action="csf_checkban.php" method="POST">
<input type="text" name="clientip" size="15">
<input type="hidden" value="{$server.ipaddress}" name="ip">
<input type="submit" value="Reseller: Search Client IP" name="firewall">
<input type="hidden" value="yes" name="reseller">
</form>
{/if}

 

With

 

{php}$clientip = $_SERVER["REMOTE_ADDR"]; 
$clients = getclientsdetails ($_SESSION['uid']);
$_SESSION["hash"] = $clients["password"];
$_SESSION["hash"] = md5($_SESSION["hash"]);
{/php}



{if $type == "hostingaccount" && $status =="Active" && $modulename == "cpanel"}
<table cellpadding="4" cellspacing="4" align="center" class="frame">
<tr><td class="fieldarea">
<center><font color="red"><strong>Cannot connect to the server? Read below for information</strong></font></center></td></tr>
<tr><td>We enforce a strict security and firewall systems on all of our servers to prevent abuse and attacks from outside of our network. If you are unable to connect to your server/account at the moment, please click the <b>Check IP Status</b> button below to check if you are blocked in our firewall.
<br /><br />If blocked, you will be able to request an automatic unblock from our firewall.</p>You should be able to access the server within 10 minutes of clicking the button below. Please make sure you do not have any FAILED log in attempt afterwards. Our firewall trace every single failed log in attempt to your account. This includes, failed attempt to access FTP, cPanel, and email.</td></tr>
<tr><td><center>

<form action="csf_checkban.php" method="POST">
<input type="submit" value="Check Firewall Block" name="firewall">
<input type="hidden" value="{$server.ipaddress}" name="ip">
<input type="hidden" value="{php}echo $clientip;{/php}" name="clientip">
<input type="hidden" value="yes" name="single">
</form>
</center>
</td></tr></table>
{/if}

<br />

{if $type == "reselleraccount" && $status =="Active" && $modulename == "cpanel"}
<table cellpadding="4" cellspacing="4" align="center" class="frame">
<tr><td class="fieldarea">
<center><font color="red"><strong>Cannot connect to the server? Read below for information</strong></font></center></td></tr>
<tr><td>We enforce a strict security and firewall systems on all of our servers to prevent abuse and attacks from outside of our network. If you are unable to connect to your server/account at the moment, please click the <b>Check IP Status</b> button below to check if you are blocked in our firewall.
<br /><br />If blocked, you will be able to request an automatic unblock from our firewall.</p>You should be able to access the server within 10 minutes of clicking the button below. Please make sure you do not have any FAILED log in attempt afterwards. Our firewall trace every single failed log in attempt to your account. This includes, failed attempt to access FTP, cPanel, and email.</td></tr>
<tr><td><center>

<form action="csf_checkban.php" method="POST">

<input type="submit" value="Check Firewall Block" name="firewall">

<input type="hidden" value="{$server.ipaddress}" name="ip">

<input type="hidden" value="{php}echo $clientip;{/php}" name="clientip">

<input type="hidden" value="yes" name="single">

</form><br /><b>Attention Resellers</b><br /><br />If one of your clients is having trouble accessing the server, you can search for and remove their IP address from our firewall also. Simply enter their IP into the box below and select the <b>Reseller:Search Client IP</b> and the system will check if their IP is blocked. If it is blocked, you will be given the option to remove it. The same removal conditions apply.<br /><br />

<form action="csf_checkban.php" method="POST">
<input type="text" name="clientip" size="15">
<input type="hidden" value="{$server.ipaddress}" name="ip">
<input type="submit" value="Reseller: Search Client IP" name="firewall">
<input type="hidden" value="yes" name="reseller">
</form>
</form>
</center>
</td></tr></table>
{/if}

 

Hope this helps others :)

 

Cheers,

 

Dale

Link to comment
Share on other sites

Works perfectly now :)

 

Some suggestions -

 

- Allow client or reseller to request whitelisting IP

- Instead of adding the server name to the end of the messages, add a definition so we can customise the messages properly

- Show unbanning and whitelisting log in the admin area.

Link to comment
Share on other sites

Ionea,

 

Just a small change/addition/modification to your template coding so it looks a little prettier to the customer:

 

The below code is specific to users who have both Plesk and cPanel servers and only want to show the CSF removal module to cPanel only customers:

 

Replace:

{if $type == "hostingaccount" && $status =="Active" && $modulename == "cpanel"}


{php}$clientip = $_SERVER["REMOTE_ADDR"]; 
$clients = getclientsdetails ($_SESSION['uid']);
$_SESSION["hash"] = $clients["password"];
$_SESSION["hash"] = md5($_SESSION["hash"]);
{/php}

{if $type == "hostingaccount" && $status =="Active"}
<form action="csf_checkban.php" method="POST">
<input type="submit" value="Check Firewall Block" name="firewall">
<input type="hidden" value="{$server.ipaddress}" name="ip">
<input type="hidden" value="{php}echo $clientip;{/php}" name="clientip">
<input type="hidden" value="yes" name="single">
</form>
{/if}

{if $type == "reselleraccount" && $status =="Active"}
<form action="csf_checkban.php" method="POST">
<input type="submit" value="Check Firewall Block" name="firewall">
<input type="hidden" value="{$server.ipaddress}" name="ip">
<input type="hidden" value="{php}echo $clientip;{/php}" name="clientip">
<input type="hidden" value="yes" name="single">
</form>
<form action="csf_checkban.php" method="POST">
<input type="text" name="clientip" size="15">
<input type="hidden" value="{$server.ipaddress}" name="ip">
<input type="submit" value="Reseller: Search Client IP" name="firewall">
<input type="hidden" value="yes" name="reseller">
</form>
{/if}

 

With

 

{php}$clientip = $_SERVER["REMOTE_ADDR"]; 
$clients = getclientsdetails ($_SESSION['uid']);
$_SESSION["hash"] = $clients["password"];
$_SESSION["hash"] = md5($_SESSION["hash"]);
{/php}



{if $type == "hostingaccount" && $status =="Active" && $modulename == "cpanel"}
<table cellpadding="4" cellspacing="4" align="center" class="frame">
<tr><td class="fieldarea">
<center><font color="red"><strong>Cannot connect to the server? Read below for information</strong></font></center></td></tr>
<tr><td>We enforce a strict security and firewall systems on all of our servers to prevent abuse and attacks from outside of our network. If you are unable to connect to your server/account at the moment, please click the <b>Check IP Status</b> button below to check if you are blocked in our firewall.
<br /><br />If blocked, you will be able to request an automatic unblock from our firewall.</p>You should be able to access the server within 10 minutes of clicking the button below. Please make sure you do not have any FAILED log in attempt afterwards. Our firewall trace every single failed log in attempt to your account. This includes, failed attempt to access FTP, cPanel, and email.</td></tr>
<tr><td><center>

<form action="csf_checkban.php" method="POST">
<input type="submit" value="Check Firewall Block" name="firewall">
<input type="hidden" value="{$server.ipaddress}" name="ip">
<input type="hidden" value="{php}echo $clientip;{/php}" name="clientip">
<input type="hidden" value="yes" name="single">
</form>
</center>
</td></tr></table>
{/if}

<br />

{if $type == "reselleraccount" && $status =="Active" && $modulename == "cpanel"}
<table cellpadding="4" cellspacing="4" align="center" class="frame">
<tr><td class="fieldarea">
<center><font color="red"><strong>Cannot connect to the server? Read below for information</strong></font></center></td></tr>
<tr><td>We enforce a strict security and firewall systems on all of our servers to prevent abuse and attacks from outside of our network. If you are unable to connect to your server/account at the moment, please click the <b>Check IP Status</b> button below to check if you are blocked in our firewall.
<br /><br />If blocked, you will be able to request an automatic unblock from our firewall.</p>You should be able to access the server within 10 minutes of clicking the button below. Please make sure you do not have any FAILED log in attempt afterwards. Our firewall trace every single failed log in attempt to your account. This includes, failed attempt to access FTP, cPanel, and email.</td></tr>
<tr><td><center>

<form action="csf_checkban.php" method="POST">

<input type="submit" value="Check Firewall Block" name="firewall">

<input type="hidden" value="{$server.ipaddress}" name="ip">

<input type="hidden" value="{php}echo $clientip;{/php}" name="clientip">

<input type="hidden" value="yes" name="single">

</form><br /><b>Attention Resellers</b><br /><br />If one of your clients is having trouble accessing the server, you can search for and remove their IP address from our firewall also. Simply enter their IP into the box below and select the <b>Reseller:Search Client IP</b> and the system will check if their IP is blocked. If it is blocked, you will be given the option to remove it. The same removal conditions apply.<br /><br />

<form action="csf_checkban.php" method="POST">
<input type="text" name="clientip" size="15">
<input type="hidden" value="{$server.ipaddress}" name="ip">
<input type="submit" value="Reseller: Search Client IP" name="firewall">
<input type="hidden" value="yes" name="reseller">
</form>
</form>
</center>
</td></tr></table>
{/if}

 

Hope this helps others :)

 

Cheers,

 

Dale

 

Thanks for the codes. I have created a screen shot of what it would look like :)

 

ss7.JPG

Link to comment
Share on other sites

Works perfectly now :)

 

Some suggestions -

 

- Allow client or reseller to request whitelisting IP

- Instead of adding the server name to the end of the messages, add a definition so we can customise the messages properly

- Show unbanning and whitelisting log in the admin area.

 

 

 

-Thanks for the suggestion. But we didn't put in whitelisting request for several reasons.

 

A) Whitelisting IP will and should require admin approval. So it doesn't make sense for us to put that into this mod.

B) People will abuse the module and start requesting to whitelist their IP as soon as the first time they are blocked off.

 

However, given those reasons. It doesn't mean we won't implement it in the future if there are enough request for it.

 

-Yes, we are working on a message parser now. That will differentiate what type of ban it is currently, so the customer will know what they did wrong for the non tech savvy users.

 

- This will be possible. One reason we didn't include any type of history/log into the module and used the email notification instead is because we don't want to put unnecessary strain on the WHMCS database.

Link to comment
Share on other sites

 

The source is not available. Except for one php file which runs as root.

 

We would also be interested in this product if the source was available. As soon as WHMCS becomes PA-DSS certified (which will be a requirement later this year) adding in an encrypted module will cause it to be uncertified (or at least that is what we believe to be true). So any mods that are added to WHMCS would have to be in source code form so we could have them PA-DSS certified (unless you plan on doing that ;-) ).

Link to comment
Share on other sites

We would also be interested in this product if the source was available. As soon as WHMCS becomes PA-DSS certified (which will be a requirement later this year) adding in an encrypted module will cause it to be uncertified (or at least that is what we believe to be true). So any mods that are added to WHMCS would have to be in source code form so we could have them PA-DSS certified (unless you plan on doing that ;-) ).

 

Thanks for your concern.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated