Remove Google From Admin Section

[Allegheny]

Hi,

 

Does anyone have a solution for getting "Google" out of the admin section? I have already dumped them from the front end following another post.

 

Everytime you load your WHMCS Admin area it makes the following unessary connections to a third party (Google) and that boarders on the insane for a secured area (unless you willingly authorize it and have an established relationship).

 

//ajax.googleapis.com/ajax/static/modules/gviz/1.0/core/tooltip.css

//www.google.com/uds/api/visualization/1.0/xxxx/format+en,default+en,ui+en,corechart+en.I.js?_=xxxx

//www.google.com/uds/?file=visualization&v=1&packages=corechart&_=xxxx

//www.google.com/uds/api/visualization/1.0/xxxx/format+en,default+en,ui+en,corechart+en.I.js

//www.google.com/uds/api/visualization/1.0/xxxx/ui+en.css

//www.google.com/uds/?file=visualization&v=1&packages=corechart

//www.google.com/jsapi

 

I know someone will say "it's just downloading css and such" and that's just so very wrong, totally unnessary and way too risky.

 

Today, it's all about making the "connection" and companies like Google push all these free services and files just for that purpose. It's very foolish to trust a for-profit company that is primary made up of "free" services.

 

So, anyway... has anybody successfully removed them without any ill affects?

Edited April 9, 2014 by Allegheny
typo

[Infopro]

Do you see these in the WHMCS Admin Demo site code as well?

http://www.whmcs.com/demo/

[Allegheny]

Oh yes. This is built in. I even checked all three admin templates that come with WHMCS - It does not matter. It's more then just a template thing.

 

The admin section is contacting google to get and download ajax and other code.

 

For anyone worried about security, PCI compliance, etc. - THIS IS AN EPECT FAIL! and makes the software a huge risk to use - and I really like the software and have been using it for many years. My trust in WHMCS now seems to have been misplaced.

 

Even if you totally trust Google (cough, cough) what happens if Google get's hacked and the code your site is downloading becomes compromised? This is one crazy risk WHMCS is making you and me take and we pay for it to boot.

 

For all the security patches they have been releasing, they at the same time are finding more ways to make us less secure - and that goes for most all of the software compaines.

 

A simple way for you to see for yourself what is happening is to go to your admin section using firefox. In firefox, click on Tools>Web Developer>Network and refresh the admin's section home page and watch the third party communications happen.

 

There are better tools for this, but this will help you see the madness...

[Allegheny]

Another easy way to test is temporairly block both "www.google.com" and "ajax.googleapis.com" at your computer's firewall. Make sure your firewall is actually blocking "www.google.com" and "ajax.googleapis.com" by directly navigating to them. Then go into your admin section and you will see portions of your admin section don't work. Aftwards, make sure to unblock Google if you depend on their search engine alot.

 

After 7 years of using WHMCS if this is not fixed, it will time for me to dump it.

Edited April 10, 2014 by Allegheny
remove full url

[merlinpa1969]

Weird, I dont have any connection to google in my admin

[Allegheny]

Are you using V5.3.6 (which is what I am using)? And it appears the WHMCS demo is running V5.3.3 and it loads Google too.

It's also kind of odd that the demo is still running a release candidate of v5.3.3 when the general release of 5.3.6 is out...(not that it matters)

Edited April 10, 2014 by Allegheny

[Allegheny]

Merlinpa1969,

 

You may need to clear your web browsers temp. files to see this as these files maybe cached on your computer and thus you are not seeing the connections to Google.

 

As a matter of good security, we have all our browsers set to dump all temp files, cookies, etc. after each use and follow that up with an automatic dump each night for those employees that can't seem to remember to close their browsers or reboot their computers.