WGS Posted May 11, 2019

Hello WHMCS community Members,

Yesterday we investigated some websites that are selling nulled versions of most of our WHMCS products. When we investigated further, we found that the owner of the website <Removed by Moderator - Leads to Nulled Software> has purchased our products, and they are now reselling them at a price of $20.

The picture got clearer when a user came on our live chat and asked for support for our recently launched HostX WHMCS Theme, and when we asked him for his official email he told us that he purchased it from <Removed by Moderator - Leads to Nulled Software>

We further investigated and found that the owner of <Removed by Moderator - Leads to Nulled Software> has actually purchased many products from our website, and in most of the cases they asked for refunds.

We are sharing a screenshot of his services on our website:

These guys then sell our WHMCS modules and themes without authorization, with added suspicious contents. Not only ours, but they are also selling Modules Garden Products. <Removed by Moderator - Leads to Nulled Software> and many other brands.

So this is a time to teach these guys a lesson.

There is another website: <Removed by Moderator - Leads to Nulled Software>

Thanks
WHMCS Global Services

Edited June 18, 2019 by WHMCS ChrisD: Website links removed by Moderator - Leads to Nulled Software

Kian Posted May 11, 2019

Very sad. Thanks for reporting 👍

wsa Posted May 12, 2019

I think what he is doing is buying modules from a lot of companies, decoding them and starting to sell them. I see a couple of companies' modules plus nulled WHMCS also, wow.

Edited May 12, 2019 by wsa

WGS (Author) Posted May 13, 2019

7 hours ago, wsa said: "I think what he is doing is buying modules from a lot of companies, decoding them and starting to sell them. I see a couple of companies' modules plus nulled WHMCS also, wow."

Yes, exactly what they are doing.

string Posted May 13, 2019

I reported this site already several months ago to WHMCS and to the hosting provider (contabo, abuse@contabo.de). This amazes me a little, because Contabo is a German provider who actually has to react to something like that by law.

14 hours ago, wsa said: "I think what he is doing is buying modules from a lot of companies, decoding them and starting to sell them. I see a couple of companies' modules plus nulled WHMCS also, wow."

That's not the only site that does that. There seems to be a market for it.

Edited May 13, 2019 by string

wsa Posted May 13, 2019

That's true, I see a couple of sites selling themes and modules.

wp4all Posted May 14, 2019

Good morning,

regarding:

16 hours ago, string said: "I reported this site already several months ago to WHMCS and to the hosting provider (contabo, abuse@contabo.de). This amazes me a little, because Contabo is a German provider who actually has to react to something like that by law."

Unfortunately, Germany is not perfect here. We are well known for our regulations, but especially concerning the Internet we are lagging far behind. Without a court order, Contabo will not block any paying customer; everyone could come and say they have stolen my intellectual property, block him now!

You can try it via https://www.dmca.com (Digital Millennium Copyright Act); we did it in the past and it works fine even in Germany. WHMCS also used it in the past. The take-down list can be found here --> https://github.com/github/dmca; we use the data for our Blacklist.

Greetings
Christian

Remitur Posted May 14, 2019

They're offering unlawful nulled cPanel and Plesk too... I guess the easy way is reporting this to cPanel's and Plesk's guys, and waiting to see what happens... 😉

WGS (Author) Posted May 14, 2019

4 hours ago, Remitur said: "They're offering unlawful nulled cPanel and Plesk too... I guess the easy way is reporting this to cPanel's and Plesk's guys, and waiting to see what happens... 😉"

We did that today.

string Posted May 14, 2019

Funny:

$ telnet <Website links removed by Moderator - Leads to Nulled Software>
Trying <Website links removed by Moderator - Leads to Nulled Software>
Connected to <Website links removed by Moderator - Leads to Nulled Software>.
Escape character is '^]'.
EHLO
220-<Website links removed by Moderator - Leads to Nulled Software> 25 ESMTP Exim 4.91 #1 Tue, 14 May 2019 23:26:06 +0200
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
250-europe.<Website links removed by Moderator - Leads to Nulled Software>

I have no doubt that asrhost.com is affiliated with <Website links removed by Moderator - Leads to Nulled Software> I included that also in my report a few months ago to WHMCS.

On 14/05/2019 at 5:25 PM, Remitur said: "I guess the easy way is reporting this to cPanel's and Plesk's guys, and waiting to see what happens..."

I had the same idea when I found this page. I did report them to cPanel. Nothing happened. It seems contabo provides bulletproof hosting. Contabo has some interesting history (Gigahosting, BGP session with syria), but that's another topic.

Edit: Just saw that the screenshot of WGS already mentions asrhost.com. So yeah, they are definitely the same.

Edited June 18, 2019 by WHMCS ChrisD: <Website links removed by Moderator - Leads to Nulled Software>

string Posted May 14, 2019

16 hours ago, wp4all said: "Unfortunately, Germany is not perfect here. We are well known for our regulations, but especially concerning the Internet we are lagging far behind. Without a court order, Contabo will not block any paying customer; everyone could come and say they have stolen my intellectual property, block him now!"

I am not a lawyer and have no special knowledge in this regard, but I think that every reputable German provider responds to such a page. Keyword: "Providerhaftung".

Quote https://gema-politik.de/providerhaftung/: "Host providers provide storage for third-party content. You are liable for an infringement if you were aware of this or are not immediately blocking content posted on your platforms."

wp4all Posted May 15, 2019

Hi String,

You should read your article carefully, it doesn't say anything.

Quote: "The coalition agreement between CDU, CSU and SPD states that the provider should be liable."

This is only a plan that 3 parties have made; except for the Telemedien law §10 there is hardly a legal handle outside the jurisdiction, and exactly this is also at the top of my post.

If you want to enforce the exposition of online content in Germany, this is usually only possible by a court order.

We receive almost daily mails from angry and offended people that we should close customers' content without valid evidence. Should we comply with any of these requests, we would be sued by the affected customers for loss of service, financial damages and the like.

So if you wanna force a page take-down, take money in your hand and go to a lawyer.

Greetings
Christian

Kian Posted May 15, 2019

Exactly. We're not talking about things like pedopornography, spam, DDoS attacks, phishing that need to be removed as soon as possible. For things that involve copyright a Hosting Provider can't do much. They're not a judge. This is something that has to be addressed in court or with lawyers.

Edited May 15, 2019 by Kian

ISH Posted May 15, 2019

It's true that he is buying modules from a lot of companies, decoding them and selling them at a cheap price (without any hard work). I can see a couple of companies' modules with decoded WHMCS.

It's hard to stop these spammers. If we take down one site, they will start another.

<Removed by Moderator - Leads to Nulled Software>

Remitur Posted May 16, 2019

BTW: is it maybe possible now to decode PHP code obfuscated with the latest versions of ionCube? I know it was possible for older versions, but I guess it was not (yet) possible with the latest versions... 😑

Edited May 16, 2019 by Remitur

wsa Posted May 16, 2019

You can report to https://www.fraudrecord.com also; at least they have a record when other companies make a search.

wp4all Posted May 17, 2019

Hi @Remitur,

19 hours ago, Remitur said: "BTW: is it maybe possible now to decode PHP code obfuscated with the latest versions of ionCube?"

No one will give you an answer, and if someone did, the Community Manager of the Board would delete it immediately. It should not and will not be shown here if and how to decrypt encrypted files. There is actually also no reason to ask for it, otherwise there would not be this post at all, or?

Greetings
Christian

Remitur Posted May 17, 2019

3 hours ago, wp4all said: "It should not and will not be shown here if and how to decrypt encrypted files. There is actually also no reason to ask for it, otherwise there would not be this post at all, or?"

Don't misunderstand me: I did not ask HOW it is possible, but only IF. I would just like to understand how reliable ionCube is, and whether this scammer decoded the modules, or somehow was able to get the source code (ModulesGarden, e.g., also sells the decoded version...)

According to your answer, I guess it's somehow possible: which is not good news for me ... ☹️

Kian Posted May 17, 2019

It's always possible to decode anything, otherwise your own server wouldn't be able to understand the content of encoded files. The purpose of services like ionCube is not to stop people from cracking your software but to make it harder. I'd say that with ionCube you can stop 99% of potential crackers. I'm talking about ones that don't know anything about obfuscation and that simply try to use ready-made software.

You can't do anything to protect yourself against the remaining 1%. If they want to see the source, sooner or later they will succeed. In such cases you need to design other solutions like SaaS (you can't crack a service), Agile development (10 releases per month equal 120 cracking attempts. Not worth it. Better purchase a legit license key) and custom/secret ones.

roger55 Posted May 17, 2019

If the developers and WHMCS would use Dynamic Key protection for their code, then e.g. license queries could be secured so that they are not decrypted without the correct key. There is no 100% protection, but this option would make it more difficult for crackers. Pure ionCube encryption only provides moderate protection.

The Dynamic Key is not complicated, but unfortunately only few use it.

The decryption of WHMCS and/or modules is not only stupid for the developers; users of such programs gain a competitive advantage because they save costs and can offer their products accordingly cheaper.

string Posted May 17, 2019

7 hours ago, roger55 said: "The Dynamic Key is not complicated, but unfortunately only few use it."

+1 for dynamic keys. I'm also surprised why so few seem to use it. Probably because it requires reading the ionCube documentation and there are a few things to keep in mind when using dynamic keys to get started with it.

Kian Posted May 17, 2019

Probably we're going a bit off-topic, but the use of Dynamic Keys has downsides:

- It has an impact on performance
- You need to re-think and re-code parts of your software

A developer already deals with PHP, Smarty, js, jquery and tens of other libraries, MySQL, Laravel/PDO, hooks, API, needs to comment and document his own code, debug bugs, fight against nonsensical changes of WHMCS, registrars, server modules... The idea of adding another layer of complexity isn't inspiring 🤮

Remitur Posted May 19, 2019

Rainy Sunday, so I spent a little time investigating...

On the same server as this site, there's also this: <removed - please do not link to nulled software sites>

Two older domains also point to the same server ( <removed - please do not link to nulled software sites> and <removed - please do not link to nulled software sites> ) but, I guess, are unrelated to this guy: maybe just old, abandoned domains, which point to this IP that a little time ago was used differently.

Edited May 20, 2019 by WHMCS ChrisD: <removed - please do not link to nulled software sites>

WGS (Author) Posted June 13, 2019

<Website links removed by Moderator - Leads to Nulled Software> 25

One more in this list Guys.

Edited June 18, 2019 by WHMCS ChrisD: <Website links removed by Moderator - Leads to Nulled Software> 25