[Announcement] WHMCS - Tables gone missing!

Ash_Hawkridge Member
edited May 2012 in General

Hey Guys.

Just wanted to let providers know that we woke up this morning to find the user-ID records had completely disappeared from our WHMCS database. At this moment in time we cannot confirm how this has happened, but from our initial research we can't find any traces of unauthorized access to our MySQL database directly and there are no access attempts reported within WHMCS.

I can confirm that a full securing of our installation was completed after the WHMCS hacking incident came to light, meaning that all details were different to what they would have been in the WHMCS database.

We are worried about attempting to submit any form of data via the WHMCS site and thus we are working with licensepal to try and find the cause of this issue.

For our clients..
We have our own system in place now (which we have been developing and putting together since the hacking of WHMCS); however, we did not plan to implement it this quickly, so there may still be some bugs that need ironing out. You will receive an email with further info.

Comments

  • Ouch,

    Ever since my SolusVM install decided to have a cleaning party and wipe half the database I have always made daily backups of all my databases.

  • We do have backups, but at this point we just want out altogether. It's just too risky knowing what's out there.

  • Just drop it now. It's broken in so many ways it's simply not worth the risk...

  • @liam said: Ash just accept payments via gold or diamonds and provide support via telegram/post. Your life would be so much easier! Plus you wouldn't need whmcs.

    Lmao manual processing is a task at the best of times, bringing two cans and a piece of string into it would be too much.

  • miTgiB Member

    @GetKVM-Ash said: manual processing is a task at the best of times

    You ain't kidding! Back in 94 when I started i1.net I had no idea how important a billing system was and used Peachtree and blew that to bits within 3 months time, and switched to timeslips which lasted about a year, not until I started using Platypus did I have something that would scale no matter how large I got, and did scale to 17k active clients. Friends still use that system today, and seems there are hooks for everything. It's not cheap, requires MSSQL and a Windows client, but might be worth a look.

  • @miTgiB said: You ain't kidding! Back in 94 when I started i1.net I had no idea how important a billing system was and used Peachtree and blew that to bits within 3 months time, and switched to timeslips which lasted about a year, not until I started using Platypus did I have something that would scale no matter how large I got, and did scale to 17k active clients. Friends still use that system today, and seems there are hooks for everything. It's not cheap, requires MSSQL and a Windows client, but might be worth a look.

    I don't want to imagine manual processing for a 17K user base.

    The system we have built now is in three parts;

    1) The order system. Orders are sent to a dedicated address, the IP used to submit the form is then checked against Maxmind (Similar to how the WHMCS plugin works)

    2) The billing backend. An invoice is issued for the order with PayPal express checkout built in, invoices are delivered with a unique hash variable and viewable online but there is no "Client Area"

    3) The support system. Just a standard ticket system, we just create an account manually and send the account details with the server welcome email.

    It's going to take a bit more work, but no sensitive data is stored anywhere (other than the invoice backend).

    Only time will tell how it works out I guess, I just can't risk continuing with WHMCS now.

  • geevee Member

    A little op,

    Ashley, your site looks a little funky on my browser. I use Chrome Beta.

    Screenshot

  • FRCorey Member

    And why are you forcing to https on your home page, first thing any user sees is "Unsecure Content" that will scare people off right away.

  • aubs Member

    It's fine (and not forcing https) on my Android phone with Dolphin browser.

  • Taylor Member

    @FRCorey said: "Unsecure Content"

    A message that allows me to load content or not load it? Even if they do not load it they do not miss anything important I can see.

  • raindog308 Administrator, Veteran

    I think the point is that it's mixed content - some is drawn from https://getkvm.com and some from non-https (probably the pingdom or googleapis links). Hence the browser error.

  • Corey Member

    Unsecure Content is easily fixed... just find out what's loading from http://

  • Spencer Member

    http://www.whynopadlock.com/ it will help you solve all your problems. It is a life saver.

  • ElliotJ Member

    @FRCorey said: And why are you forcing to https on your home page, first thing any user sees is "Unsecure Content" that will scare people off right away.

    Well, it's not as bad as a self-signed cert.

    @GetKVM-Ash

    Check where you're loading JQuery and AddThis javascript from.
    Hint hint, not over SSL :P
