easyhosting Posted February 21, 2017

Hi,

In Setup > General Settings > Others I have 'Allow Client Registration' unticked, as it states 'Tick this box to allow registration without ordering any products/services', so leaving it unticked should mean that no one can register unless they order goods or a service.

Well, this fails, as today I have had 3 sign-ups without them ordering anything, and each I have had to close accounts due to FraudRecord flags.

brian! Posted February 21, 2017

Any clues in the server logs as to how they did it?

easyhosting (Author) Posted February 21, 2017

> any clues in the server logs as to how they did it?

Nothing, just indicates they signed up through register.php

brian! Posted February 21, 2017

> Nothing, just indicates they signed up through register.php

I'm not sure what to suggest with this... I suppose it's possible that there's a new exploit going around, and you could report the incident to WHMCS - but without knowing how they created the accounts, I'm not sure what WHMCS can do.

Another option, if you intend to keep registration disabled without ordering, might be to create a new register.php file or just remove it entirely... if registration is disabled, then the file is of limited use anyway - so if there is code within the encrypted register.php file that could be exploited into creating accounts, then creating a new basic file should remove that issue.

Although, it's also possible that creating a new file, and certainly removing it entirely, would result in the automatic updater putting it back - so that's something to bear in mind if you do this.

easyhosting (Author) Posted February 21, 2017

Thanks Brian, yes, my next port of call will be a ticket to WHMCS, just thought I would ask on here first.

- - - Updated - - -

> i'm not sure what to suggest with this... I suppose it's possible that there's a new exploit going around, and you could report the incident to WHMCS - but without knowing how they created the accounts, i'm not sure what WHMCS can do.
>
> another option, if you intend to keep registration disabled without ordering, might be to create a new register.php file or just remove it entirely... if registration is disabled, then the file is of limited use anyway - so if there is code within the encrypted register.php file that could be exploited into creating accounts, then creating a new basic file should remove that issue.
>
> although, it's also possible that creating a new file, and certainly removing it entirely, would result in the automatic updater putting it back - so that's something to bear in mind if you do this.

Just looked at the system module logs and it just shows:

Date: 21/02/2017 06:44
Module: rclbt
Action: create customer with whmcs pwd

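The server-log check raised earlier in the thread, as an added example that is not part of any post: it lists accepted POSTs to register.php from clients that never requested the order form first. It assumes the Apache/nginx combined log format and that orders go through WHMCS's cart.php; the log lines are constructed, and matching by client IP is a heuristic.

```python
import re

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Feb/2017:06:40:02 +0000] "GET /cart.php?a=add&pid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Feb/2017:06:41:10 +0000] "POST /register.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [21/Feb/2017:06:44:01 +0000] "POST /register.php HTTP/1.1" 302 0 "-" "curl/7.50"',
    '198.51.100.23 - - [21/Feb/2017:06:44:05 +0000] "GET /clientarea.php HTTP/1.1" 200 2048 "-" "curl/7.50"',
    '192.0.2.9 - - [21/Feb/2017:07:00:00 +0000] "POST /register.php HTTP/1.1" 403 199 "-" "python-requests"',
    'not a log line',
]

def script_name(path):
    """Return the lower-cased script file name, ignoring directory and query string."""
    return path.split("?", 1)[0].rsplit("/", 1)[-1].lower()

def registrations_without_order(lines):
    """List (ip, timestamp) of accepted register.php POSTs with no prior cart.php hit."""
    seen_cart = set()   # client IPs that requested the order form earlier in the log
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue    # skip lines that are not in combined format
        ip, script = m["ip"], script_name(m["path"])
        if script == "cart.php":
            seen_cart.add(ip)
        elif (script == "register.php" and m["method"] == "POST"
              and int(m["status"]) < 400 and ip not in seen_cart):
            findings.append((ip, m["ts"]))
    return findings

if __name__ == "__main__":
    for ip, ts in registrations_without_order(SAMPLE_LOG):
        print(f"{ts}  {ip}  registered via register.php without visiting cart.php")
```
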