camosawus Posted February 15, 2009
Sadly I am here to report that some members of this forum are using this forum for unsavory purposes. Last night I received about 20 login failure notifications from WHMCS. I was saddened to see that among the usernames that had been attempted was the one that I use on this forum. This means that somebody had got my WHMCS link from another post. I guess this serves as a warning to be vigilant with your usernames and passwords.
bear Posted February 15, 2009
Indeed, it's true. There are those that will see URLs posted here and assume the person at the other end has a working WHMCS installation to attempt hacking on. Follow the safety precautions in the WIKI, and never, never, never use the same password for more than one thing online.
BAJI26 Posted February 15, 2009
Couldn't it be just a "guest" user?! Admin should change the forum permission so that guests can't see links or anything that is in BB Code, or even truncate messages.
bear Posted February 15, 2009
Since it would appear that guests might be using the showcase forum to locate installations, we've changed permissions to allow only logged in users to view that section. Might not stop it entirely, but if it was being used by unregistered members, this would make them have to register.
mcraedesigns Posted February 15, 2009
Don't feel too bad, I still have some links in the forums. Visitors come from the forum here and strip stuff from my site. It seems to be the norm, I tried to get most of them removed. Granted 99% of the people on here find posts useful, and help out and provide valuable opinions. The other 1% are scum who are looking to do little to no work and gain a buck off of it!
panacheweb Posted February 15, 2009
I would suggest that registration on the forum be locked to people that have legitimate licenses.
Zorro67 Posted February 15, 2009
> I would suggest that registration on the forum be locked to people that have legitimate licenses.
Or legitimate domains (?)
Daniel Posted February 15, 2009
It'd probably just be easier if you changed your admin directory - It still amazes me that people leave it as the default.
camosawus Posted February 15, 2009
I don't think it would be appropriate to lock the forum to license owners only as many people will investigate the forum before making a purchase. Those who are genuine will generally be happy to sign up to view the member only boards. I was unaware the admin directory could be changed. I must've missed this point somewhere. I will look into changing this. Thanks for the tip.
brianoz Posted February 15, 2009
It's also a good idea to use a .htaccess file to block access to your .tpl files so they can't be stolen ... if you use CSF and they get a few hits, they'll get blocked as well.
bear Posted February 15, 2009
> I would suggest that registration on the forum be locked to people that have legitimate licenses.
That would require tying the licensing server into VB, not something I'd be comfortable with, personally. Besides, what would happen if they bought a monthly license then let it expire? Would you then forbid access from that point forward? It's a decent idea, but I can't see doing it.
> Or legitimate domains (?)
In what way, registration email? We already require email verification, but do allow many of the free email domains (or we'd have rioting). Or maybe you'd meant needing to provide a legitimately registered domain at signup? Easy enough to fake I'm afraid.
> if you use CSF and they get a few hits, they'll get blocked as well.
Also a good suggestion, though by default I don't believe it watches 3rd party apps unless configured to do so. I haven't played with CSF much, but I do know it's possible to get BFD/APF to 'notice' certain behavior and act on it. A workaround with CSF/LFD is to use a directory password for your admin folder: "lfd can monitor the most commonly abused protocols, SSHD, POP3, IMAP, FTP and HTTP password protection."
merlinpa1969 Posted February 15, 2009
You can also use htaccess to deny access to any IP that's not yours.
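The .htaccess measures suggested in the posts above (blocking .tpl files, a directory password on the admin folder, and limiting the admin folder to your own IP), written out as an added example that is not from any poster or from WHMCS. The IP address, password-file path and realm name are placeholders, and the syntax is Apache 2.4.

```apache
# --- File 1: .htaccess in the WHMCS web root (constructed example) ---
# Refuse direct HTTP requests for template files so they cannot be
# downloaded. The application reads templates from disk through PHP,
# so this does not affect page rendering.
# (Apache 2.2 equivalent: "Order allow,deny" + "Deny from all".)
<FilesMatch "\.tpl$">
    Require all denied
</FilesMatch>

# --- File 2: .htaccess inside the admin directory ---
# (ideally a directory already renamed from the default)
# Directory password: failed attempts here are ordinary HTTP
# authentication failures, the kind of event the lfd quote above
# describes as "HTTP password protection".
AuthType Basic
AuthName "Restricted"
# Placeholder path: keep the password file outside the web root.
# Create it with: htpasswd -c /home/exampleuser/.htpasswds/admin.passwd someuser
AuthUserFile /home/exampleuser/.htpasswds/admin.passwd

# Both conditions must hold: the request comes from your own address
# AND supplies a valid directory password.
# 203.0.113.10 is a documentation address; replace it with your own IP.
<RequireAll>
    Require ip 203.0.113.10
    Require valid-user
</RequireAll>

# Basic authentication only base64-encodes the credentials, so serve
# the admin directory over HTTPS.
```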
netearth Posted February 16, 2009
> I would suggest that registration on the forum be locked to people that have legitimate licenses.
Seconded, completely agree with this suggestion
sparky Posted February 16, 2009
> Seconded, completely agree with this suggestion
I completely agree as well. I suggest to move the Pre-Sales Questions to General and have the Community section only for members with valid licenses and a minimum of 50 posts.
merlinpa1969 Posted February 16, 2009
> I completely agree as well. I suggest to move the Pre-Sales Questions to General and have the Community section only for members with valid licenses and a minimum of 50 posts.
And how in the world is someone that JUST purchased a license supposed to meet your requirements.....
barco57 Posted February 16, 2009
And those that own a license but have not had the need to ask questions on the forum or respond to questions. Maybe they only use the forum to answer their own questions without having to ask any... I would hate to have to come up with 50 different posts just so I can get into the closed area.
sparky Posted February 16, 2009
Maybe a Learners section for all the unnecessary questions that get asked before a search of the forums and the wiki would reveal their answer. I'm sure I'm not the only one that is skipping over quite a few nowadays. No offence to the few that actually do search.
keliix06 Posted February 16, 2009
Minimum post requirements always lead to additional garbage posts where people say "nice" or "I agree". Basically they're useless.
bear Posted February 16, 2009
You said it. Absolutely true.
Daniel Posted February 16, 2009
What's to say that the "scum" doesn't have a valid WHMCS license? Locking out people that don't own a license will achieve nothing - just secure your installation properly.
buko Posted February 17, 2009
I don't have 50 posts, you would ban me too. By the way, I'm your client as well :lol: Simple! If you haven't purchased a license you can't register, that's the rule, like the AWBS forum, people can't even see it from public.
sparky Posted February 17, 2009
Come on guys the 50 posts bit was a bit overboard on my part. Just a section for license holders.
merlinpa1969 Posted February 17, 2009
Hey sparky, the problem is that how many folks here HAVE a license and are still trolls and scum? It won't stop 'em, just make sure your security is up to snuff.
bear Posted February 17, 2009
> Locking out people that don't own a license will achieve nothing - just secure your installation properly.
Yup, that.
> I don't have 50 posts, you would ban me too
Yes!...er...I mean, no! It's unlikely we will be implementing any sort of post limits at this point. I'd suggest it's also unlikely that the licensing system will be tied into this, meaning that any sort of confirmation would have to happen manually. This would mean not only verifying they are allowed to access after purchase, but monitoring if they've sold their license or stopped paying for monthly licenses. That's a full time job when you have a forum with 14,672 members registered. And what would it gain? Purchasing a license doesn't guarantee they aren't bad people.
Here's another thought that might not have occurred to those that believe this forum is the only source for these attacks: Google: Results 1 - 10 of about 119,000. Not sure removing access to any part of this forum would make it harder to find licensed users. That in combination with buying branding free might.
goddess_dix Posted February 18, 2009
I review the support forums for any software before making a purchasing decision. The type of help available and reports of what people have issues with, along with info about how to do various tasks, are part of my decision-making process.