crshep Posted December 7, 2017 Share Posted December 7, 2017 I received this from the hosting provider =============== Please note that like all hosting providers these days, allow_url_fopen is disabled server-wide as this is considered a huge security risk. You may want to get in touch with the application developer to see if there is a workaround for this. =============== So is there a work around? Link to comment Share on other sites More sharing options...
WHMCS Developer WHMCS Andrew Posted December 7, 2017 WHMCS Developer Share Posted December 7, 2017 Hey crshep allow_url_fopen is required when using the automatic updater. Without this, you would need to manually apply any WHMCS updates. You can see the full list of system requirements on the Automatic Updater Documentation Link to comment Share on other sites More sharing options...
crshep Posted December 8, 2017 Author Share Posted December 8, 2017 Ok next question. Why would WHMCS program or what ever it is called to force the use of allow_url_fopen when most hosting providers won't allow it on a shared server which is what WHMCS is mostly on if it is a security issue for shared servers? Just wondering is all. Link to comment Share on other sites More sharing options...
bear Posted December 8, 2017 Share Posted December 8, 2017 Honestly, WHMCS should never be installed on a shared server along with any shared hosting clients (even when not your own). It's simply asking to be compromised, since you don't control the other accounts on the server. Mysql attacks, cross site attacks and more are far more likely on a shared server than a VPS or greater since they can generally be better isolated. Yes it's more expensive, but generally speaking a far less risky setup. Just my opinion. Link to comment Share on other sites More sharing options...
RadWebHosting Posted December 9, 2017 Share Posted December 9, 2017 On 12/8/2017 at 8:39 AM, bear said: Honestly, WHMCS should never be installed on a shared server along with any shared hosting clients (even when not your own). It's simply asking to be compromised, since you don't control the other accounts on the server. Mysql attacks, cross site attacks and more are far more likely on a shared server than a VPS or greater since they can generally be better isolated. Yes it's more expensive, but generally speaking a far less risky setup. Just my opinion. Yes, you'll probably find many cases where it is advantageous for allow_url_fopen to be enabled. You should find a VPS in your budget and move your WHMCS off of shared host. Link to comment Share on other sites More sharing options...
WHMCS Nate Posted December 10, 2017 Share Posted December 10, 2017 On 12/8/2017 at 9:43 AM, crshep said: Ok next question. Why would WHMCS program or what ever it is called to force the use of allow_url_fopen? Hello crshep, We use allow_url_fopen to fetch files for the automatic updater for a few reasons: We built the updater on top of the php library "composer", our reasons for using composer are a bit longer than a quick forum reply but as a super short summary: it allow us a flexible language for dependencies and upgrade calculation which is widely tested and used; and it allows us to extend additional functionality we're excited to deliver in future versions. Composer uses the built in php streams for downloading because its available to use across the widest variety of systems. In our testing, we found more users had issues with using libcurl then using php's fopen stream directly. I have worked as a senior admin for a large shared / reseller web host and understand their reasoning for disabling this functionality by default. There are situations where it should be enabled and hopefully your host can allow you to craft a custom php.ini which can enable this just for WHMCS. Have a good day, Nate C Link to comment Share on other sites More sharing options...
crshep Posted December 11, 2017 Author Share Posted December 11, 2017 It's not me I have my own VPS which runs my WHMCS. It is clients on MY other vps I use for hosting who are having the problems. Since they are having problems it sure is hard to reseller the WHMCS to be used. But thanks for the answer Nate and I understand the reason just sucks is all. Link to comment Share on other sites More sharing options...
easyhosting Posted December 11, 2017 Share Posted December 11, 2017 On 08/12/2017 at 3:43 PM, crshep said: Ok next question. Why would WHMCS program or what ever it is called to force the use of allow_url_fopen when most hosting providers won't allow it on a shared server which is what WHMCS is mostly on if it is a security issue for shared servers? Just wondering is all. Very risky having WHMCS on a shared plan, you are better off having this on a VPS and if possible a different 1 to where your clients are held Link to comment Share on other sites More sharing options...
crshep Posted December 11, 2017 Author Share Posted December 11, 2017 (edited) It's sure nice how everyone reads in full and puts their 2 cents in but nothing to do with the question. :O) Also so when a client asked about WHMCS then we should all tell them yes go get a VPS so you can run you it. So now a client has to have at least 2 VPS to run their business and we loose a client becasue they want to do the same business we we doing. Just sit back and think about that for a minute. A NEW person to this business...... In my opionion looks like WHMCS is limiting their client base Not ever person who wants to use WHMCS but is new to this business is going to run out and get a new VPS they will just use another billing system. Edited December 11, 2017 by crshep Link to comment Share on other sites More sharing options...
easyhosting Posted December 11, 2017 Share Posted December 11, 2017 On 11/12/2017 at 12:38 PM, crshep said: It's sure nice how everyone reads in full and puts their 2 cents in but nothing to do with the question. :O) Also so when a client asked about WHMCS then we should all tell them yes go get a VPS so you can run you it. So now a client has to have at least 2 VPS to run their business and we loose a client becasue they want to do the same business we we doing. Just sit back and think about that for a minute. A NEW person to this business...... In my opionion looks like WHMCS is limiting their client base Not ever person who wants to use WHMCS but is new to this business is going to run out and get a new VPS they will just use another billing system. Read the WHMCS documentation. It is advised not to have WHMCS on the same server as your clients. you look at it this way. WHMCS is a billing and client management system, so you have this on the same server as your clients and opps that server has an issue and goes down. Now how are you going to contact your clients and more importantly how are your clients going to contact you to find out what has happened to their site. This will lose you more clients. You can pick up a VPS for $5 a month that will run WHMCS ( you dont need WHM/cpanel). It is bad practice to run WHMCS on a shared environment Link to comment Share on other sites More sharing options...
bear Posted December 11, 2017 Share Posted December 11, 2017 8 hours ago, crshep said: It's sure nice how everyone reads in full and puts their 2 cents in but nothing to do with the question. :O) Also so when a client asked about WHMCS then we should all tell them yes go get a VPS so you can run you it. So now a client has to have at least 2 VPS to run their business and we loose a client becasue they want to do the same business we we doing. Just sit back and think about that for a minute. A NEW person to this business...... In my opionion looks like WHMCS is limiting their client base Not ever person who wants to use WHMCS but is new to this business is going to run out and get a new VPS they will just use another billing system. The workaround is to manually update. That was given to you early on. The rest is advice about moving to a more secure option, if possible. As for someone moving to a new billing system due to this? It will be exactly the same recommendation to isolate your business from shared hosting accounts, since the potential for disaster is there for *all* of them. It's just the inability to use fopen to use autoupdates that's not working. Manual is the only way if you need or want to stay on shared hosting. Link to comment Share on other sites More sharing options...
crshep Posted December 14, 2017 Author Share Posted December 14, 2017 WOW no one reads LOL Mine is on a different VPS as a root reseller. It is NOT on the same VPS as my clients who are having this problem. AGAIN I'LL SAY IT MY WHMCS IS ON MY OWN VPS WHICH IS NOT ON A SHARED SERVER IT IS ALL BY IT'S SELF. Sorry for the caps but I do not know how to make this any clearer since it seems some people are not reading the whole post. So easyhost you would simply tell YOUR client to drop YOUR service and move to a $5 VPS and loose your client? bear had the best answer "Manually update" but still figured I was on a shared server. But thanks for the replies never the less. Link to comment Share on other sites More sharing options...
Recommended Posts