WHMCS Licenses - 3 days

[satexas]

I own 3 lifetime licenses and pay support on them. A few days ago I couldn't utilize my systems and work in my office STOPPED because we couldn't operate WHMCS due to a DOS attack you suffered.

 

You can minimize the damage by extending and changing your license timeouts. You weren't down 3 days, but my system said that it had not talked to you in 3 days, hence we got hurt by this.

 

You need to consider how you being down 24 or 48 hours can vastly impact others and re-write the checks and balances system to your license aspect to account for these possibilities.

 

Very upset,

 

Russ

[Dreamz]

Licensing is an issue, and so is the extreme overuse of Ioncube. Why they are protecting every single file is beyond me. We had an issue about 2 days ago with the licensing check in the admin area causing us to not be able access WHMCS, WHMCS was down when we tried to submit a ticket (though it was have been a 10+ day wait anyways). It was only a few hours, but in those few hours we had 8 tickets, and 3 orders that we could do nothing about during that time.

[sgrayban]

They will never change this time check. I have seen other requests like this go un-answered.

[supernix]

That might be what is motivating these groups to bring them down.

[ipgeek-lg]

Not to detract from the core issue here as I really do think that something should be done, be it a change to the licensing system or WHMCS's site / servers.

 

There is a way to get round this as far as I could tell my server stopped communicating with them after WHMCS changed their IP address. An easy way to sort this is to run "/etc/rc.d/init.d/nscd restart" on your server after you ensure that your own DNS server has up to date info or use Google's 8.8.8.8.

 

Regardless I think WHMCS should of learnt from their hostgator days that shared hosting or having a single point of failure is not an option. Maybe if they ran a few servers with a load balancing system in front of it, maybe a backup licensing server for these times. Even the kimsufi vks's that we use for our licensing system (custom made, not WHMCS) only cost £5.74 a month and we use two of them to ensure availability.

 

Not that difficult to make an infrastructure change for the better especially thinking on the last 6 months or so of happenings.

[daz29]

Licensing is an issue, and so is the extreme overuse of Ioncube. Why they are protecting every single file is beyond me. We had an issue about 2 days ago with the licensing check in the admin area causing us to not be able access WHMCS, WHMCS was down when we tried to submit a ticket (though it was have been a 10+ day wait anyways). It was only a few hours, but in those few hours we had 8 tickets, and 3 orders that we could do nothing about during that time.

 

Code which is hidden and encoded, is more secure because no hackers can find an exploit, I think that's the main reason for encoding most files.

[wirenine]

Code which is hidden and encoded, is more secure because no hackers can find an exploit, I think that's the main reason for encoding most files.

 

It's encoded to protect it from piracy.

[malfunction]

It's encoded to protect it from piracy.

Indeed it is, but you don't have to encode the entire application to protect it from piracy, that's just for their own convenience at the expense of making life unneccesarily difficult for users.

[easyhosting]

that's just for their own convenience at the expense of making life unneccesarily difficult for users.

 

Can you provide proof of this?

 

It is up to WHMCS what they encode and how they run their business

[panacheweb]

It's encoded to protect it from piracy.

 

I have to laugh at this.. because every version up until this version has been cracked wide open, due to the fact that whmcs has not been using the latest and most secure methods of encryption. I told matt about this over two versions ago, and yet the last version was encoded the same.. This version is encoded with ioncube 7. whmcs has been being cracked since version 4.2.

 

The fact is there is only one file that really needs to be cracked in this entire software scheme. Once you have that file cracked wide open, it does not matter what other files are cracked.

 

basicly when it comes down it it, most of the previous versions files can be decoded simply.

 

Saying this, I use a legit version of whmcs, but I do keep track of software that is out there that is being stolen.

 

At any rate, I do not see the point of the actual modules section being encoded, but the internal software for whmcs, I can agree that it should be encoded.

 

The fact is the owned license, is not even really owned, it's still leased at best, because your system can go offline at anytime due to a DDOS or DOS attack or being hacked or otherwise.. or if you just happen to piss off matt and your account gets cancelled or the company goes out of business, your "owned" license is now useless.. completely useless.

[easyhosting]

 

The fact is the owned license, is not even really owned, it's still leased at best, because your system can go offline at anytime due to a DDOS or DOS attack or being hacked or otherwise.. or if you just happen to piss off matt and your account gets cancelled or the company goes out of business, your "owned" license is now useless.. completely useless.

 

this would be the same with any owned licence of any software as it is still under licence to the software house and will have a licence code in the sofware that read it is a legit copy with the software house licence system.

[b0r3d]

They will never change this time check. I have seen other requests like this go un-answered.

 

To me it seems WHMCS is paranoid. These checks shouldn't happen more than every 7-15 days, not 24-72 hours. All i'm reading now is about these license checks.

 

There is literally ZERO need to verify a license every day at midnight or every 2-3 days.

[b0r3d]

this would be the same with any owned licence of any software as it is still under licence to the software house and will have a licence code in the sofware that read it is a legit copy with the software house licence system.

 

We also use a billing software from a competitor for a separate data center business of ours and their license does not call home unless the IP changes.

[easyhosting]

We also use a billing software from a competitor for a separate data center business of ours and their license does not call home unless the IP changes.

 

most will have some sort of call home check on the licence, but not as often as WHMCS as how will they keep check to make you are not using a nulled copy or have paid for your licence.

[Alistair]

most will have some sort of call home check on the licence, but not as often as WHMCS as how will they keep check to make you are not using a nulled copy or have paid for your licence.

 

Nulled scripts have license checks?

[easyhosting]

Nulled scripts have license checks?

 

no

licence checks are a way to make sure your licence is valid, so if you have a nulled script then their will be no licence check so software houses will be able to check if you have a valid licence the same as whmcs has their licence validation checks.

 

why do think their is licence checks?

[b0r3d]

no

licence checks are a way to make sure your licence is valid, so if you have a nulled script then their will be no licence check so software houses will be able to check if you have a valid licence the same as whmcs has their licence validation checks.

 

why do think their is licence checks?

 

Not sure why anyone would even question a license check so i understand your argument about that. On that note, a license check to verify the license is valid is fine and good, but absolutely no reason to check more than once every 10-15 days. There is no profit loss as long as it's not a full 1 time per month check.

 

I think they do it to avoid people cancelling and enjoying another free month. That said it's not fair to punish current customers with this especially with a lackluster license system that appears to go down far too often.

 

That said, owned license holders should have the license script quite literally do a "if ($license = "owned")" { disable check } it's really not a hard variable to insert into the script. I called it years ago anyone who watched Matt develop this software in to what it is today. He listened to everyone years and years ago. Took advice and acted on it for suggestions. Since it has grown and it's market share has exceeded mroe than 50%, notice how lots of common sense suggestions are ignored and i've seen people in the hundreds ask for features to this day never be implemented.

 

IMHO WHMCS grew bigger than Matt could manage alone (with hiring several staff still he is the owner/management) and this is why i think he went the WHM route. Off topic a little there i know.

 

Point being, Matt if you'd ever take a simple basic suggestion; change the callback to no less than 10 days. You'd make every customer happy. Or better yet a 2 way communication if licenses are cancelled you have control over that but do not have their systems callback unless an IP changes and for owned license holders disable it altogether.

[Nexxterra]

There could also be a simple grace period of 10 days for the license check that does not find a particular file on the WHMCS server, this would indicate the connection was not found and to try again the next scheduled period. If this file is found and the license is not verified, it tells the system that the license is invalid and to shut it off, but the verify connection file would ensure that a bad connection or server being down would not effect the client... unless WHMCS is down for 10 straight days.

[ipgeek-lg]

Again, I don't think the issue is really down to how often the check is run. This may be barking up the wrong tree but coming from a internet service provider background I believe strongly in the concept of distributed infrastructure.

 

If the licensing system had a distributed structure, running across 4-6 servers on a round robin DNS setup then most of these problems would be resolved. Throw some active monitoring in there, put a TTL out of 300 on the license domain and if one goes down bring up another. That is relatively easy if you use VMs and have snapshot instances available and MySQL replication to streamline the process.

[easyhosting]

you all think WHMCS is mad at doing a licence check every 7 days, well who has rvsitebuilder and noticed they have what they call updates on a daily business (these updates are actually licence/IP checks being run daily). we stopped using/offering rvsitebuilder last year when they were doing these updates twice a day.

 

so personally i am not bothered with WHMCS doing licence checks every 7 days.

[ipgeek-lg]

you all think WHMCS is mad at doing a licence check every 7 days

 

Nothing wrong with WHMCS doing a license check every hour, as long as they have a licensing server infrastructure that is capable of sustaining this level of interaction.

[b0r3d]

you all think WHMCS is mad at doing a licence check every 7 days, well who has rvsitebuilder and noticed they have what they call updates on a daily business (these updates are actually licence/IP checks being run daily). we stopped using/offering rvsitebuilder last year when they were doing these updates twice a day.

 

so personally i am not bothered with WHMCS doing licence checks every 7 days.

 

I've never seen you neutral about anything, you're always on the defense for WHMCS. Stop comparing WHMCS to anyone else. WHMCS is a whole new monster. It's a software of which a business relies on. rvSiteBuilder IS NOT. We still offer rvSiteBuilder, and have had zero issues with it, rvSkin, Softaculous, Fantastico and several others that do license checks.

 

WHMCS is the only one i've been brought offline (no admin access due to license check).

 

Do yourself a favor and remain neutral. Coming to WHMCS defense 99% of the time does no good except to instigate. IMHO what people here are suggesting is productive. It's good for Matt & Staff to see, think about and hopefully move towards. They themselves do not care about rvSiteBuilder, they care about WHMCS, their bread and butter. Simple.

[ipgeek-lg]

Can you provide proof of this?

 

I didn't think a distributed structure was something that needed proof.... more of an industry standard really. But I will refer you to my previous posts:

 

http://forum.whmcs.com/showthread.php?58886-WHMCS-Licenses-3-days&p=266002#post265722

 

http://forum.whmcs.com/showthread.php?58886-WHMCS-Licenses-3-days#post262662

 

Oh and smiley fail by the way.... :-P