lostinspace Posted October 15, 2007 Share Posted October 15, 2007 All of our shared hosting products have Auto Setup set to "After Accepting Pending Order". Before 3.4.0, orders including domain purchases were never submitted until we physically accepted the order and domain purchase (exactly as expected). However, we are now seeing domain registrations going through automatically without order approval. We are using ENOM for domains. This is obviously a problem when the order turns out to be fraudulent. Anyone else seeing this behavior? We haven't tried to turn Auto Setup "Off" to see if domain registrations abide by the setting. 0 Quote Link to comment Share on other sites More sharing options...
lostinspace Posted October 15, 2007 Author Share Posted October 15, 2007 Just some added info: An order two days ago didn't have this problem (the domain order never got a registrar module assigned). This recent order shows the ENOM module assigned already. 0 Quote Link to comment Share on other sites More sharing options...
othellotech Posted October 15, 2007 Share Posted October 15, 2007 this is the current behaviour in 3.3 when you have the tlds assigned to a registrar so its not a new issue, as soon as payment is recieved the domain is registered, without having the option to "accept" the order/do manual fraud checks 0 Quote Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted October 15, 2007 WHMCS CEO Share Posted October 15, 2007 Hi Josh, You are confused. The setting you are referring to is the product activation setting. Not related at all to domains which is set seperately in Configuration > Domain Pricing where you have enabled automatic registration by selecting a registrar to use. You can disable it there if you want so this is not a bug. Moved to Technical Issues & Questions. Matt 0 Quote Link to comment Share on other sites More sharing options...
lostinspace Posted October 15, 2007 Author Share Posted October 15, 2007 OK, fair enough - I stand confused. So by the very nature of setting up the domain registrar module and selecting the applicable setting in the configuration area - WHMCS allows unchecked domain registrations (i.e. no approval checks even by the fraud modules)? Odd that the previous order (two days earlier) didn't present this behavior. 0 Quote Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted October 15, 2007 WHMCS CEO Share Posted October 15, 2007 Obviously if a fraud module checks and blocks the order, payment won't be made so registration won't occur. It's only when an invoice is paid - not when the order is submitted. Matt 0 Quote Link to comment Share on other sites More sharing options...
lostinspace Posted October 15, 2007 Author Share Posted October 15, 2007 So case and point, Maxmind enabled with the following: Block orders where order address is different from IP Location Block orders where the user is ordering through a Proxy Block orders from high risk countries Maxmind reported the following for the order: Our CC gateway failed their own internal fraud check - so no funds came to us. So the hosting order didn't go through (since we have to approve it anyway) but the domain was put through. How can we prevent the above scenario from happening again? 0 Quote Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted October 15, 2007 WHMCS CEO Share Posted October 15, 2007 You need to set the MaxMind block level to the maximum level you want to allow through. 2.5 is usually a good number to block at for manual review (Config > Fraud Protection). Matt 0 Quote Link to comment Share on other sites More sharing options...
lostinspace Posted October 15, 2007 Author Share Posted October 15, 2007 K, thanks Matt. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.