WHMCS branding remains in admin section?

[poodog]

Does the WHMCS copyright and branding still remain in the admin section or do I need to do a reinstall/upgrade after purchasing non-branded solution? If the branding still remains in the admin section, can you explain why?

[MACscr]

It does remain in the admin area. Matt can explain why. I pretty sure this has already been explained somewhere though.

[poodog]

Well. I for one would like to see that change. We plan to bring over employees from another venture to staff administrative functions in the next 6 weeks. If we use this, they will all know things they do not need to know about, including how we integrated it.

 

Besides, it was sold as non-branded. Anyone can go to /admin and read the copyright.

 

Will it break if we use .htaccess protection? This will at least hide the information from clients and resellers.

 

I think it should be removed like NOW. It makes no sense to me at all.

[MACscr]

the non branded description says that its just for the client area. Mentions nothing about the admin area. You can also replace the header image with one of your own. Yes, you can block access to that folder using an htaccess file, but i think its a little over kill. No matter how well you template things, a trained eye will still now what billing software you use.

[Matt]

You paid for powered by line removal from the client area - not copyright line removal from the admin area. Why are you trying to hide from your staff the system you use? Won't the references to WHMCS in the Help menu give it away?

 

Matt

[poodog]

Staff does not need to know what they don't need to know. My point is why is it there? It's your software, it's your choice, but I for one don't agree with it.

[addeacher]

Staff does not need to know what they don't need to know. My point is why is it there? It's your software, it's your choice, but I for one don't agree with it.

 

I was thinking the same except not staff, but if its suppose to be non branding there should be no trace of branding at all, not about hiding which system use, but not everyone needs to know what you use especially simple going to yourdomain.com/admin all will know what your using even if they weren't familiar with the look if whmc

[YodaCows]

Staff does not need to know what they don't need to know. My point is why is it there? It's your software, it's your choice, but I for one don't agree with it.

 

I was thinking the same except not staff, but if its suppose to be non branding there should be no trace of branding at all, not about hiding which system use, but not everyone needs to know what you use especially simple going to yourdomain.com/admin all will know what your using even if they weren't familiar with the look if whmc

Just password protect /admin with htaccess.

 

~YC

[MACscr]

then change the admin folder name so they dont know what it is (i think matt said this could be done). While i myself would like branding to be completely removed if purchased. Heck, there is a lot to be desired of the admin area as far as templating, etc, but i just dont see it happening unfortunately.

[MACscr]

Staff does not need to know what they don't need to know. My point is why is it there? It's your software, it's your choice, but I for one don't agree with it.

 

I was thinking the same except not staff, but if its suppose to be non branding there should be no trace of branding at all, not about hiding which system use, but not everyone needs to know what you use especially simple going to yourdomain.com/admin all will know what your using even if they weren't familiar with the look if whmc

Just password protect /admin with htaccess.

 

~YC

 

That would be simple, but if your like me, you hate logging into things twice. I think it would be better to just use an htaccess file to redirect from login.php to adminlogin.php (custom fine), and make your own login page there. Would be pretty simple actually. If you like, i can write up something this weekend if i get the chance. Basically everything would still be branded internally, etc, but someone just visiting the admin page and not logged in, would view whatever custom (non branded) admin login page you have setup.

[YodaCows]

That would be simple, but if your like me, you hate logging into things twice. I think it would be better to just use an htaccess file to redirect from login.php to adminlogin.php (custom fine), and make your own login page there. Would be pretty simple actually. If you like, i can write up something this weekend if i get the chance. Basically everything would still be branded internally, etc, but someone just visiting the admin page and not logged in, would view whatever custom (non branded) admin login page you have setup.

I don't know, sounds like more work and a more complicated solution for a simple "problem."

Besides, a decent browser will remember your passwords anyway....so it's just a matter of clicking Ok.

 

~YC

[MACscr]

it would only take me 15 mins to whip something like that up, so I wouldnt call it a complicated solution. Plus it could be combined with the ability to force ssl or not for admin as well.

[bear]

Besides, a decent browser will remember your passwords anyway....so it's just a matter of clicking Ok.

Not a good idea to use the remember passwords feature of browsers any longer, Look here:

http://www.google.com/search?hl=en&q=mozilla+password+exploit&btnG=Google+Search

[YodaCows]

Besides, a decent browser will remember your passwords anyway....so it's just a matter of clicking Ok.

Not a good idea to use the remember passwords feature of browsers any longer, Look here:

http://www.google.com/search?hl=en&q=mozilla+password+exploit&btnG=Google+Search

I wouldn't go as far to say it's a bad idea, you just have to be careful.

 

~YC

[bear]

How do you be "careful" about something like this other than not use it?

[YodaCows]

How do you be "careful" about something like this other than not use it?

When the weather is bad, do you drive carefully or do you just stay indoors?

 

You can use the Firefox Manager Carefully by only using it for selective login forms. For example, I highly doubt I'll ever end up on a phishing page resembling my WHMCS login. Nor do I foresee anyone running a phishing page to obtain WHMCS logins under the guise of something else.

 

That is what I mean.

 

~YC

[addeacher]

Just password protect /admin with htaccess.

 

~YC

 

exactly what i did for now.

[bear]

[You can use the Firefox Manager Carefully by only using it for selective login forms. For example, I highly doubt I'll ever end up on a phishing page resembling my WHMCS login. Nor do I foresee anyone running a phishing page to obtain WHMCS logins under the guise of something else.

So your assumption is that no one will be able to use this to perhaps create a hidden login (1 px iframe perhaps) that will be autofilled with info not intended for it? Any exploit like this doesn't stay static and predictable, but instead will be manipulated for best results.

Why not target a client manager that potentially has logins for hosting accounts, CC info and more?

 

It is of course your choice, but for the safety of my own servers clients and logins as soon as this was discovered I stopped using it altogether. No point risking it when it's easily avoidable.

[Harrison]

Oh, if you guys love logging in twice then feel free to use htaccess.

 

Just do what someone else said and rename your admin folder. I believe Matt has said somewhere on the forums that this won't break anything - just keep your cron and email piping links up to date.

[TheGamer]

Looks like someone is taking credit for the WHMCS software creation other than Matt.

[MACscr]

Looks like someone is taking credit for the WHMCS software creation other than Matt.

 

huh?

[Harrison]

Looks like someone is taking credit for the WHMCS software creation other than Matt.

 

I'm Lost

[bear]

He's insinuating that the reasoning for wanting the branding removed in the admin area is so they can claim they wrote the billing manager and not Matt/WHMCS. I must admit I can't see a need to hide the script from admins/staff...I mean, if you can't trust the staff, what are they doing being hired as staff in the first place?

[generic]

you could always just change the logo to your own for some branding to your company (if thats not in violation of the license)

 

admin/images/toplogo.gif

[bedot]

3 points..

 

1) The WHMCS Monthly Lease No Branding does clearly state that its only the powered by line which it removes.. which stops visitors and clients from seeing the branding

 

2) Templating for the admin area would be a nice idea, but the standard template works well enough for me... obviously for people which struggle with skinning this is quiet a large job.. and would require abit of documentation on WHMCS's part.

 

3) If you cant trust your staff to know that your running WHMCS, then tbh why let them in your office? Would you invite a theif round for coffee?

 

Happy new year guys.x