WHMCS Hosted

[SpookedOut]

'joe-schmoe' not sure what your trying to imply there. In addition to this statement, I have great knowledge in security, especially for NetBSD based systems. That provides me with the confidence I need In order to power this.

 

If the servers let's say were to go down, the following procedure would be followed;

 

1. Instant SMS message.

2. Failure to respond to the SMS message sent, a engineer from the data center will call.

3. If call is not answered, the server is either rebooted or necessary action is taken to eradicate the issue.

 

If they don't follow the following procedure they have hell to pay, period.

 

Hope that helps.

[SpookedOut]

I'm not 'running it'. The end-user/account owner is 'running it'. There are reasons as to why I'm offering an external hosted version, If you care to read previous replies you will see why.

 

When you say I have no control over this? I have 100% control, and I shall be suspending any accounts immedietely If they breach TOS/AUP in place without failure.

 

I believe that the 'WHMCS Hosted version' would in actual fact be 'securer, safer' then hosting WHMCS yourself. Here are the reasons as to why;

 

1. Unix based OS (not linux i.e. RHEL based, gentoo etc etc..)..

2. DoS/Firewall Protection..

3. IPTables in place..

4. Packet filtering and Network Address Translation..

5. Regular Daily backups (Please don't tell me, every WHMCS user does that!?)..

 

With such a small percent of servers running NetBSD, it makes it less likely that someone will discover an exploit, find a suitable target and manage to compromise it. Hopefully that will explain this concept of 'hacking attempts'.

 

Tom

 

Again,

 

Tell me how your going to handle the security of php and apache. i can almost guarantee that i can hack all the other accounts if i had an account on your server. This is why i think its a horrible idea to ever put whmcs on a server where other people are hosting on it as well.

 

You would not be able to access anybody else's WHMCS account then your own designated account. If you were found to do such a thing.. You would be removed from the system immedietely.

 

Apache, MySQL and PHP are 'hackable' regardless of whether all the WHMCS are hosted on the same server. A TELNET script is actually in place, which prevents you accessing things you shouldn't be accessing.

[Jordan]

'joe-schmoe' not sure what your trying to imply there. In addition to this statement, I have great knowledge in security, especially for NetBSD based systems. That provides me with the confidence I need In order to power this.

 

If the servers let's say were to go down, the following procedure would be followed;

 

1. Instant SMS message.

2. Failure to respond to the SMS message sent, a engineer from the data center will call.

3. If call is not answered, the server is either rebooted or necessary action is taken to eradicate the issue.

 

If they don't follow the following procedure they have hell to pay, period.

 

Hope that helps.

 

Truth be told, you are a joe-schmoe. Noone knows who you are, what you've done, if you're trustworthy, or if you even know what you're talking about here. I would never buy from you for the soul fact that from some posts, you speak as if though you know what you're talking about, when you don't. Not only that, but as something as sensitive as this is, I would never go with it when there's nothing reputable you have already done to back this up.

 

And when I said the servers go down, I'm talking about the worst case scenerio when you back out of it and let everything die. I'm not talking about "server downtime." I'm talking about you abandoning, and shutting it all down, taking people's money, and running from it.

 

I'm not saying you WILL do that, but it MIGHT happen. I've seen it happen before.

 

I just think that this idea is just destined to go nowhere, and no matter what you try to justify security with, it's just not an idea to use with WHMCS.

[SpookedOut]

I'm afraid all web hosting companies have that issue. If hardware was to fail, system backups which were took earlier that day or whenever would be loaded from the 'backup hardrive'.

 

We have established certain hardware setups to prevent this from happening. However if all is to fail, the above is usually the last option.

 

Just to clarify, I would never 'run away' and leave customers. I don't do this 'fly by night' business style or the such in reply to your question Jordan.

[MACscr]

You would not be able to access anybody else's WHMCS account then your own designated account. If you were found to do such a thing.. You would be removed from the system immedietely.

 

Apache, MySQL and PHP are 'hackable' regardless of whether all the WHMCS are hosted on the same server. A TELNET script is actually in place, which prevents you accessing things you shouldn't be accessing.

 

You would be surprised. It actually makes a huge difference if the user is already on the server or not. HUGE difference.

 

Also, the policy about removing someone that was doing things that shouldnt is not useful as the harm would have already been done.

[SpookedOut]

You would not be able to access anybody else's WHMCS account then your own designated account. If you were found to do such a thing.. You would be removed from the system immedietely.

 

Apache, MySQL and PHP are 'hackable' regardless of whether all the WHMCS are hosted on the same server. A TELNET script is actually in place, which prevents you accessing things you shouldn't be accessing.

 

You would be surprised. Also, the policy about removing someone that was doing things that shouldnt is not useful as the harm would have already been done.

 

The particular servers would be monitored virtually 24/7, the end-user/account owner would not be able to execute anything which would jeopardize the server. If this were to happen, which I very much doubt god forbid.

 

Just out of question.. Who hosts there WHMCS on the NetBSD OS. I think you will find nobody does.

[Jordan]

I'm afraid all web hosting companies have that issue. If hardware was to fail, system backups which were took earlier that day or whenever would be loaded from the 'backup hardrive'.

 

We have established certain hardware setups to prevent this from happening. However if all is to fail, the above is usually the last option.

 

Just to clarify, I would never 'run away' and leave customers. I don't do this 'fly by night' business style or the such in reply to your question Jordan.

 

At this point, I'm not even going to try to justify your opinion with my own, etc etc.

[trine]

we run a few bsd (netbsd and freebsd) boxes as well as sun solaris

 

Just because they are a bsd-based *nix, doesn't mean they are unhackable

 

Also, in regards to:

>> Unix based OS (not linux i.e. RHEL based, gentoo etc etc..)..

netBSD is a unix-like *linux* based OS

[SpookedOut]

we run a few bsd (netbsd and freebsd) boxes as well as sun solaris

 

Just because they are a bsd-based *nix, doesn't mean they are unhackable

 

You may be the only 1 of about 7 who do that. Most people host there WHMCS on the shared cPanel web hosting server, probably running some RHEL based OS. Now that's just something I wouldn't do *personally*.

 

I have removed the POLL and continue to hear your constructive comments and nothing rude or offensive for that matter.

[trine]

I, speaking for myself, are not trying to be rude or offensive. As before, I think your idea is nice for startups, but if it's any more secure than any other shared environment is what most are debating here.

 

My suggestion is just go ahead with it. There will definitely be people that express interest in exactly this sort of thing.

[SpookedOut]

Like I have already told somebody, this was created for personal/educational purposes to get an understanding of the demand and to see what the WHMCS community thought, never was it formed to create a flame-war.

 

NetBSD is a UNIX based OS, but does share Linux attributes your correct there.

[DephNet[Paul]]

Personally If SpookedOut could *prove* that a hosted version of WHMCS on his servers would be more secure than a version on one of my servers then I would be all up for this.

 

MACscr, you say that you could hack another account on the server, if SpookedOut would agree to it why doesnt he set up a server exactly how the server would be set up if he was hosting WHMCS on it now and he lets you try. If you are sucessfull then SpookedOut will have to think again on his security.

 

Jordan, by your defination of a "Joe-Schmoe" that would make Matt a "Joe-Schmoe" yet you are using a program that Matt has developed.

 

This is only my 2p so take it as you want.

 

Paul

[Jordan]

Paul, I would agree with that comment, but by the time I came to whmcs a year ago, Matt had a reputable base of clients to base my decision on why I came here.

 

The same could be said for any business that I go with; I base my decision on previous/current customers, reviews, and what I've seen elsewhere.

 

Right now Spooked IS just a joe-schmoe, as I'm just a joe-schmoe to others. I'm not trying to say he's the only joe-schmoe, ever.

[SpookedOut]

For me to setup a server and let MACsr try and attack it, would not be professional act and certinely something I would not even consider. That would be illegal, considering the server is located in the US.

[SpookedOut]

Closing thread.

 

Thanks for your input.