Jump to content
  • 0

Hosting provider question

k2zs

Asked by k2zs,

 Share

Question

k2zs Junior Member

k2zs

Posted
Posted

I am currently with Host Gator in a shared/reseller plan and the performance is terrible. I am thinking of going to Liquid Web for a VPS1 plan and purchasing my own WHMCS license. Is there anyone here that can provide good/bad feedback?

 

Also, I currently have WHMCS 4.5 and am constantly getting hack attacks and bogus ticket submissions. Is there anything new in WHMCS 5.x to help prevent this? I turned off ticket submissions to all non-clients but somehow they are registering as clients and submitting these php exploit scripts.

 

Thanks in advance for your help...

0
Link to comment
Share on other sites

10 answers to this question

Recommended Posts

  • 0
zomex Senior Member

zomex

Posted
Posted
I am currently with Host Gator in a shared/reseller plan and the performance is terrible. I am thinking of going to Liquid Web for a VPS1 plan and purchasing my own WHMCS license. Is there anyone here that can provide good/bad feedback?

 

Also, I currently have WHMCS 4.5 and am constantly getting hack attacks and bogus ticket submissions. Is there anything new in WHMCS 5.x to help prevent this? I turned off ticket submissions to all non-clients but somehow they are registering as clients and submitting these php exploit scripts.

 

Thanks in advance for your help...

 

Hello,

 

I haven't used Liquid Web but they appear to be highly regarded on webhostingtalk.com, I read a positive review just a few minutes ago.

 

Re the ticket submissions, there was a patch released to fix this a month ago: http://blog.whmcs.com/?t=43462

 

WHMCS 5.0.3 will already have the patch included so if you clear your account and re-install WHMCS you'll be fine. If you've been hacked but need to protect data your best bet is to restore from an old backup. I think HostGator take weekly backups.

 

Jack

0
Link to comment
Share on other sites
  • 0
k2zs Junior Member

k2zs

Posted
  • Author
Posted

Thanks Jack,

 

I did install the patch but I'm still being targeted, do hackers still target version 5.x of WHMCS? I also just added the hook you posted to block form submissions containing the exploit code so I'm waiting to see if it is effective.

0
Link to comment
Share on other sites
  • 0
striddy Senior Member

striddy

Posted
Posted
I did install the patch but I'm still being targeted, do hackers still target version 5.x of WHMCS? I also just added the hook you posted to block form submissions containing the exploit code so I'm waiting to see if it is effective.

 

Hackers don't know whether or not you have installed the patch, so yes you will still get these exploit attempts. However with the patch installed, the exploit no longer works.

0
Link to comment
Share on other sites
  • 0
zomex Senior Member

zomex

Posted
Posted
Thanks Jack,

 

I did install the patch but I'm still being targeted, do hackers still target version 5.x of WHMCS? I also just added the hook you posted to block form submissions containing the exploit code so I'm waiting to see if it is effective.

 

Hello,

 

The hackers search Google specifically for websites using WHMCS. They will try and hack as many sites as they can and have no way of knowing whether you have the patch installed (as Striddy mentioned).

0
Link to comment
Share on other sites
  • 0
zomex Senior Member

zomex

Posted
Posted
I realize that they don't know if I have the patch installed or not...

 

What I was asking is if they target WHMCS ver 5 as much (or is there no way of them knowing that)?

 

Technically there is ways they could specifically look for a version. For example they may search on Google for V5 specific text but I think they'll just try every WHMCS install they find.

0
Link to comment
Share on other sites
  • 0
k2zs Junior Member

k2zs

Posted
  • Author
Posted

Thanks Jack...

 

What I can't understand is that how are they doing it now? I thought I shut down the ticketing section to "only active customers" that are logged in. I saw that this last guy became a active customer but I thought that required a purchase being made. Is the account being created once they are passed to PayPal and they just don't complete PayPals order?

0
Link to comment
Share on other sites
  • 0
zomex Senior Member

zomex

Posted
Posted
Thanks Jack...

 

What I can't understand is that how are they doing it now? I thought I shut down the ticketing section to "only active customers" that are logged in. I saw that this last guy became a active customer but I thought that required a purchase being made. Is the account being created once they are passed to PayPal and they just don't complete PayPals order?

 

No problem. If you want to disable registration without ordering go to:

 

setup > general settings > other > untick "Allow Client Registration".

 

That will probably stop a lot of hack attempts but some will still make a order first. If you'd like to completely stop the tickets refer to this thread:

 

http://forums.hostgator.com/script-whmcs-stop-hack-attempts-t160521.html

 

Jack

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept