Jump to content

Security patch

adamn

By adamn
in General Discussion

 Share

Recommended Posts

DF-Duncan Senior Member

DF-Duncan

Posted
Posted

We have reported this fault from day one of the patch, in a couple of versions ( we have not yet tried 5.2.2 due to reported problems from other users )

 

We have not had an update to this fault, expect a very poor reply from 'Mark' completing avoiding the question, and stating information about 5.2.2.

0
Link to comment
Share on other sites
  • Replies 101
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

cpmax Junior Member

cpmax

Posted
Posted

After we applied patch on 5.1.3 and updated to 5.1.4, no payments are being credited/applied to invoices. The problem exists with paypal and 2checkout. Yesterday, I upgraded installation to 5.1.5 as per suggestion in Ticket #JBX-160812 but the problem still exists.

 

This is very unprofessional way to release patches.

0
Link to comment
Share on other sites
nixonk Junior Member

nixonk

Posted
Posted

I applied the security patch to version 4.5.3 - the day it was anounced - this completley screwed the system up with a licence error - support sorted this but the system does not work - I have not had a single new client as the domain lookup sends the user straight to a login page - I have had a ticket open for six days but can not get a reply - is there anyone out there who knows what is happening - my business is quickly going down the pan!!!!!!!!

0
Link to comment
Share on other sites
xeqution Senior Member

xeqution

Posted
Posted

Hi James,

 

my ticket number is #BCC-904788

 

Sorry but I have been waiting over 24 hours and have had a lot of new orders via credit card redirect the user back to the client area login page upon payment. This has occurred ever since upgrading from 5.0.3 to 5.0.4. I would appreciate it if you could get a developer to look into this as soon as possible.

0
Link to comment
Share on other sites
theprimehost Junior Member

theprimehost

Posted
Posted

I updated my ticket over 24 hours ago and no response. I even opened a new one in case my responding to my original un-responded to ticket set it further back in the queue. I guess they're getting slammed with issues right now.

 

Sure would be nice to process new CC orders.

0
Link to comment
Share on other sites
xeqution Senior Member

xeqution

Posted
Posted

Certainly would be, this should be treated as high priority... we have been 3 days without properly processing CC orders due to a poorly executed WHMCS security patch that was released... this is absolutely ridiculous. I receive a response, I respond and wait 24 - 48 hours each time.

0
Link to comment
Share on other sites
theprimehost Junior Member

theprimehost

Posted
Posted

The patched version? I tried updating from patched 5.0.4 to 5.1.5 and then 5.22. Both resulted in an odd redirection issue when I tried to login to the admin area (redirected to the general WHM area where you can login or purchase new services).

 

 

 

I'm on 5.1.5 and it's pretty stable for me...
0
Link to comment
Share on other sites
theprimehost Junior Member

theprimehost

Posted
Posted

Same with us and waiting 24 hours in between support replies is not cutting it. We have over 100 licenses with WHMCS and need this resolved.

 

Sorry but I have been waiting over 24 hours and have had a lot of new orders via credit card redirect the user back to the client area login page upon payment. This has occurred ever since upgrading from 5.0.3 to 5.0.4. I would appreciate it if you could get a developer to look into this as soon as possible.

0
Link to comment
Share on other sites
mrl14 Senior Member

mrl14

Posted
Posted

We've also noticed that as of Mar 22, all credit card orders that come through, remain in incomplete payment status. I have to manually run the invoice command "Attempt charge" to bill client and process order. We patched our system the day the security fix was released (I think Mar 14th?). We are also running 5.0.4 and using PSigate. PayPal appears to be unaffected by this. We need to get this resolved ASAP.

0
Link to comment
Share on other sites
mikie Member

mikie

Posted
Posted
Hello,

5.2.1 doesn't appear to have this issue. PayPal IPN is being sorted for 5.x now. Updates shortly.

 

Where is 5.2.1? I dont see it anywhere. Can anyone tell us where v5.2.1 is? To get to 5.2.2 it says you should be running 5.2.1 but i dont see it as a download option.

0
Link to comment
Share on other sites
xeqution Senior Member

xeqution

Posted
Posted

The 5.0.4 creditcard.php file has been modified with something causing an issue with credit card payments being accepted. It took me almost 1 week of going back and forth with WHMCS directly to realize that the staff were absolutely useless.

 

I received a response from one representative stating that the issue was with our "heavily modified cart" and a "sessions" variable, this was simply incorrect, we used the ?systpl variable to switch to the portal template of the cart supplied by WHMCS, guess what - the same issue occurred and we were still unable to accept credit card payments.

 

We created a FTP account for WHMCS as they "required" ftp access to fix this issue, we monitored their movements.

 

WHMCS downloaded all the hooks and modified 2 of the files by removing base64 code from them. I haven't brought this up in the ticket with WHMCS however no staff member even notified us of these changes..., luckily we had a backup and were able to compare the 2 files to see what WHMCS modified.

 

What frustrates me is that the staff are just putting the blame directly on our installation or our cart with no actual hard facts. Unfortunately Chris your response is what burned me the most, you stated that you used the systpl to make a payment via CC and that it worked - I then had myself and our lead WHMCS developer do the exact same thing by replacing the systpl to the "portal" which didn't actually allow the credit card payment to be processed or declined (using fake details), it just took the user back to the WHMCS login page upon completing their order.

 

The support supplied by the WHMCS staff is very unprofessional to say the least. The latest update has been an absolutely nightmare and has costed us lost time and money.

 

I have isolated the issue down to an issue with the actual 5.0.4 patch that was applied. To isolate the issue we simply applied the old 5.0.3 creditcard.php file back into the whmcs folder. We then tested a credit card payment which worked without any issues. So now were running an insecure version of the creditcard.php file thanks to WHMCS rolling out a bad patch.

0
Link to comment
Share on other sites
LDHosting Member

LDHosting

Posted
Posted

Yup, looks like we are seeing the credit card issue on 5.0.4 too.. awesome. Time to send a ticket into limbo, I guess.

 

When placing a new credit card order, rather than processing the payment as expected the client is simply redirected to the login page (nothing is shown in the gateway log either). The new client then has to log into the client area and pay the invoice from the 'view invoice' page, or contact us for us to attempt the capture from the admin side.

0
Link to comment
Share on other sites
DF-Duncan Senior Member

DF-Duncan

Posted
Posted

I hope you get a fix for that, we have an open ticket on it with no response since the 20th.

We were given a rc 5.0.5 patch which fixed the logging out of the client, but created a new payment error.

 

Awaiting response/fix/update to it

 

Disappointment does not even come near how we feel at this time, such a shame, as you can only rate a product by the support given, as we all make mistakes, but it is how they are fixed that counts.

0
Link to comment
Share on other sites
  • 2 weeks later...
PDS Member

PDS

Posted
Posted

Is replacing 5.0.4 creditcard.php with the same named file from version 5.0.3 still the only fix?

 

Also, since the patch to upgrade WHMCS from 5.0.3 to 5.0.4, the integration code token value updates with every WHMCS login. This results in domain checks, for example using the Domain Availability Lookup code to redirect to the client login page when a domain search is submitted.

 

I've seen others with same issue (and still do when I've checked their sites) but I can't find a fix anywhere. I've asked support 16 hours ago but no reply yet :(

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept