Jump to content

has whmcsNow.com ceased trading


snake

Recommended Posts

16 minutes ago, snake said:

does anything know anything about whmcsnow.com, I am using their staffwiki plugin, but have not been able to get any response from  them for over 8 months now.

seems he hasn't logged in here for nearly 3 years, none of his products have been updated in months... and his LinkedIn page says he now works for Amazon.... I wouldn't be too optimistic if I were you.

Link to comment
Share on other sites

  • 1 year later...

Ok thanks I've submitted a ticket. As far as I can tell, the staff wiki module is just a copy of the WHMCS KB but with only admin access. There is another module the same by "EasyWHMCS" but this doesn't support PHP 7.

Does anyone know an alternative?

Link to comment
Share on other sites

I have not found any alternative. I will just start using an external solution if this is not resolved.

I would not recommend EasyWHMCS. I once paid that guy for some custom work, and got completely ripped off. He did not do the work and would not refund the money either. Tried to submit a claim against him and the address was fake also.

Link to comment
Share on other sites

Since we're in the third party addons and rules allow it, I will do a bit of self promo.  Check out my staff knowledgebase module on the marketplace for a staff wiki / kb module.  Likely wont work with the whmcsnow staff wiki tables as was built to replace easywhmcs's staff kb module and use those tables.

Link to comment
Share on other sites

 
 
 
2
On 5/13/2019 at 11:19 AM, Chris74 said:

Ok thanks I've submitted a ticket. As far as I can tell, the staff wiki module is just a copy of the WHMCS KB but with only admin access. There is another module the same by "EasyWHMCS" but this doesn't support PHP 7.

Does anyone know an alternative?

Maybe you like to wait couple day i developer a one that calls staff knowledgebase .

Link to comment
Share on other sites

My module does do license checking and has a grace period of a couple days before it would start to give license validation errors.   Price is one time fee, gives a year of updates / support and after that point you don't need either it will still function.

Link to comment
Share on other sites

I think we will just add a Staff category to the main KB and not publish the articles. This way we don't have to rely on third party developers.

One of the major problems with WHMCS is that they rely on external developers to provide modules for their system to put in place the functionality that is sadly missing from the main product. Sadly in most cases, these "developers" are amateurs who have learned a bit of PHP coding and want to make some money sitting at home. We have seen it so many times where the website goes offline, the owner can't be contacted - or the addon is no longer being maintained or updated. It's pretty much a waste of time to use any of these third party modules. It's also a security risk.

Link to comment
Share on other sites

The issue with our website was to an upgrade and then our antivirus periodically removing one of WHMCS' core files.

 

With regards to the issue with the grace period, we have found and patched an issue with the WHMCS' Licensing Addon which renders no grace period if the license is expired and the license server is not responding correctly.

I have reported this issue to WHMCS and they have created a CaseID: ADDON-6030 to investigate this issue further.

Link to comment
Share on other sites

  • 3 weeks later...

Exact same thing has just happened with the "BusyRack DNS Manager addon. Using the module says license has expired (it hasn't) and their website is down.  https://www.busyrack.com/client/

These people don't seem to understand that if their system is down - it disables the module on our systems too! Why should we suffer because of their technical issues?

It just makes me more and more nervous about using any third party modules. Right now, any of our customers with domain registrations only (no hosting) can't manage their DNS records.

Link to comment
Share on other sites

48 minutes ago, Chris74 said:

Exact same thing has just happened with the "BusyRack DNS Manager addon. Using the module says license has expired (it hasn't) and their website is down.  https://www.busyrack.com/client/

These people don't seem to understand that if their system is down - it disables the module on our systems too! Why should we suffer because of their technical issues?

It just makes me more and more nervous about using any third party modules. Right now, any of our customers with domain registrations only (no hosting) can't manage their DNS records.

This confirms the issue that I found and reported in the WHMCS Licensing System.

WHMCSnow.com released an update last month which fixes the issue which causes the grace period not to work.

Link to comment
Share on other sites

The other big problem of course, is that if you ever need support from WHMCS, you are forced to disable all your addons first, which will completely break your system if it is reliant on those addons and in some cases, lose all the settings and config.

Link to comment
Share on other sites

1 hour ago, Chris74 said:

Can you describe in more detail what the issue is with the WHMCS licencing system? If you fixed the problem by updating your module - I assume that was some sort of workaround for the problem in WHMCS?

So in the /modules/servers/licensing/check_sample_code.php file which is how a developer would license their addon you can see the following.

Line 53, $check_token is generated which is a MD5 hash.

The licensing server uses this $check_token along a secret key and returns this as an md5 hash which is then store in your local license.

Line 60, within this if statement it checks to see if this local license is valid, lets say this has expired, as it has expired a remote license check needs to take place.

Line 98, within this if statement the remote check will take place.

Line 150, within this if statement, you can see if the response code from the server is not 200 then it will see if the local key is within the grace period, if it is then that license will be set.

 

Line 170, within this if statement is where the issue occurs, the local key has a md5hash so this if statement is run.

Line 171, The md5hash from the local license is checked compared to the $check_token which is generated on line 53, which is different each time the script is run.

 

The $check_token will never match the md5hash in the local key which renders there no grace period in the licensing system.

Link to comment
Share on other sites

2 hours ago, IoxHost said:

So in the /modules/servers/licensing/check_sample_code.php file which is how a developer would license their addon you can see the following.

Line 53, $check_token is generated which is a MD5 hash.

The licensing server uses this $check_token along a secret key and returns this as an md5 hash which is then store in your local license.

Line 60, within this if statement it checks to see if this local license is valid, lets say this has expired, as it has expired a remote license check needs to take place.

Line 98, within this if statement the remote check will take place.

Line 150, within this if statement, you can see if the response code from the server is not 200 then it will see if the local key is within the grace period, if it is then that license will be set.

 

Line 170, within this if statement is where the issue occurs, the local key has a md5hash so this if statement is run.

Line 171, The md5hash from the local license is checked compared to the $check_token which is generated on line 53, which is different each time the script is run.

 

The $check_token will never match the md5hash in the local key which renders there no grace period in the licensing system.

That's not a problem per se. Many developers (beginners one) entirely forget about Local Key or maybe they're too lazy to implement this system. The check_sample_code.php like the name suggests is an example. By using local key in the right way you can solve the vast majority of problems described in this thread. In fact the license is valid even if the licensig server is offline for 1, 2, 10, 30 (...) days.

For the sake of completeness, even with local key fully implemented, a small part of customers will still check the license on every page load due to the fact that local key is based on domain name and IP address. On some hosting environments domain name is not available to PHP via $_SERVER (it depends on the handler you use) and most important some servers could use an outgoing IP that is different from the one on which WHMCS is installed (eg. multi-IP, IPv6 & IPv4 used together and particular routing settings). This causes the local key to be refreshed on every page load even when the licensing server is fully functional. In my opinion this specific part of the licensing system should be addressed. The rest is fine.

There's a reason why the unreliable domain name / IP combination is in use. Please don't make me explain why 🙂 Let's just say that you need something to identify each specific server. IP/domain parameters represent a valid option if it wasn't for the problem I described above. We should use an alternative. Personally I was thinking about "replacing" IP & domain name with WHMCS license keys (an encoded version) since they're unique and are available on all systems. The problem is that this is a bad idea for security. If someone cracks my licensing server and finds my encryption WHMCS license keys of all my customers will be exposed. Anyway this problem affects a small number of clients.

Edited by Kian
Link to comment
Share on other sites

7 minutes ago, Kian said:

That's not a problem per se. Many developers (beginners one) entirely forget about Local Key or maybe they're too lazy to implement this system. The check_sample_code.php like the name suggests is an example. By using localkey in the right way you can solve the vast majority of problems described in this thread.

For the sake of completeness, even with localkey fully implemented, a small part of customers will still check the license on every page load due to the fact that localkey is based on domain name and IP address. On some hosting environments domain name is not available to PHP via $_SERVER (it depends on the handler you use) and most important some servers could use an outgoing IP that is different from the one on which WHMCS is installed (eg. multi-IP, IPv6 & IPv4 used together and particular routing settings). In my opinion this specific part of the licensing system should be addressed. The rest is fine.

There's a reason why the unreliable domain name / IP combination is in use. Please don't make me explain why 🙂 Let's just say that you need something to identify each specific server. IP/domain parameters represent are valid option if it wasn't for the problem I described above. We should use an alternative. Personally I was thinking about "replacing" IP & domain name with WHMCS license keys (an encoded version) since they're unique and are available on all systems. The problem is that this is a bad idea for security. If someone crack my licensing server and find my encryption key they automatically know WHMCS license keys of all my customers. After so many years I still can't find an alternative to IP and domain name and I use other solutions to overcome the issue. Anyway keep in mind that this this problem affects a small number of clients.

 

I would say this is an issue as many developers base their code from the check_sample_code.php file, it has not only affected my customers but BusyRack 's as wekk. It took me a couple of days to find this issue and to resolve it.

The issue occurs when the local key is invalid and the remote server check fails.

 

WHMCSnow.com uses license keys to validate instead of IP/domains for the reason you mentioned.

I don't think this causes a security issue if hashed in a 1 way encryption with a seed, WHMCS license keys are linked to a server and would need to be re-issued in WHMCS billing platform before they would be any good to anyone.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated