Knowledgebase

  1. Portal Home
  2. Knowledgebase
  3. WHMCS SETTINGS
  4. Petition to WHMCS reblogged

Petition to WHMCS reblogged

  1. Today, 12:29 AM#1
    tsiedsma is online nowBeta Testers
    Send a message via AIM to tsiedsma Send a message via MSN to tsiedsma
    Join Date
    Mar 2008
    Location
    Des Moines, Iowa
    Posts
    684

    Default Petition to WHMCS - Please rewrite using good code!

    Hello everyone, I'm sure you're aware of all of the recent security issues related to WHMCS. The problem with these issues isn't that someone decoded the encrypted files or identified exploitable code, it's that the code was written so poorly to begin with.

    The coding standards used in WHMCS are very old and very much against best practices. They even went so far as to create a work around to Register Globals that PHP removed from the software for security reasons. Doing this has lead to a couple of the exploits that we've all been dealing with.

    It is of the opinion of many qualified people that in order for WHMCS to resolve this issue once and for all, a complete code rewrite must be performed. You can't simply search and replace to fix the underlying issues. Everything is very much intertwined and linked together.

    I know you agree with me when I say that all I want is a usable system. Something with enough features to allow my business to grow and thrive in this competitive market we are all in. I also want something secure enough that I can sleep at night without fear of someone exploiting a vulnerability in the software I use to house all of my customer and server data.

    Join me in my efforts and tell WHMCS that you want the same thing. Vote up this feature request and maybe, just maybe they will listen to us.

    https://requests.whmcs.com/responses...ne-secure-code
          
  2. Today, 01:11 AM#2
    tsiedsma is online nowBeta Testers
    Send a message via AIM to tsiedsma Send a message via MSN to tsiedsma
    Join Date
    Mar 2008
    Location
    Des Moines, Iowa
    Posts
    684

    Default Re: Petition to WHMCS - Please rewrite using good code!

    Welp, they killed my feature request. I guess that tells us what they think of us...

    Goes to an error page now.

    It was well written, non insulting and was a nice request to secure the software. It had support from users on WHT as well as here.
    What gives WHMCS?
          
  3. Today, 02:04 AM#3
    Keiro is offlineMember
    Send a message via AIM to Keiro Send a message via MSN to Keiro Send a message via Yahoo to Keiro Send a message via Skype™ to Keiro
    Join Date
    Jun 2009
    Posts
    113

    Default Re: Petition to WHMCS - Please rewrite using good code!

    Fortunately for me, I've moved off of WHMCS.

    No way in hell am I moving back to WHMCS. And I won't offer WHMCS licenses to my clients.

    I voted for this. I was expecting them to accept the feature request. Not delete it and remove it from view.

    That simply tells me that they don't give a **************** about us, the people that use their software. Their actions will come back to bite them in the rear, sooner or later.

    Sooner or later, someone will sue WHMCS, and they will be found liable.
          
  4. Today, 02:41 AM#4
    WHMCS Chris is online nowWHMCS Staff
     
    Join Date
    Aug 2012
    Location
    Houston, TX
    Posts
    828

    Default Re: Petition to WHMCS - Please rewrite using good code!

    Hello,

    I've removed the feature request as the feature request system is not designed for that. The request to have a completely rewritten piece of software in a short time is simply an impossible feat - there are nearly 500,000 lines of code. However, WHMCS has began rewriting the core of the code in 5.3. The unfortunate aspect is that software in general will always be faced with vulnerabilities. If you follow any exploit report websites, you'll see this on an extremely regular basis. Even companies like PayPal and Oracle still battle this.

    To assume that WHMCS itself does not care about the customers, or the security of the software its providing is difficult to accept. Historically, we can see that immediately when something is known we have provided software updates mitigating the issue in a very short amount of time. It's quite unfortunate that some individuals do not follow responsible disclosure procedures as their intent appears to be terroristic in nature. 

    We have, and continue to work with a number of third party vendors for responsible disclosures as well as our own internal audits (hence the regular updates over the past 6 months), and the push to rewrite the core in 5.3.

    I am going to close this thread not for need of further discussion, but rather move it to a more appropriate forum - if you wish to continue this, feel free to email me directly chris[at]whmcs.com.

    We will be making a public statement in the near future which will likely address the majority of questions.
          
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

TERMS OF SERVICE

 Terms of Service on Checkout Page This simple template addition replaces the Terms of...

WHMCS FREE ADDONS

http://whmcsaddon.comFREE LIVE CHAT FREE TWO FACTOR AUTHENTICATION 

WHMCS TICKET EXPLOIT

Please familiarise yourself and beware of these things. Rogue tickets in your system may be a...

WHMCS HACKER CAUGHT USING EXPLOITS

Known information about a hacker going around Hacking into WHMCS Systems. Going by the name...

WHMCS OATH / TWO FACTOR AUTHENTICATION

https://bitbucket.org/Doctor_McKay/whmcs-oath-addon/src/tip/README.mdDOWNLOAD HERE...

  Tag Cloud

"Ports required for VPN connection have been blocked by firewall "were sorry 3 B + 3B+ unable to boot 7360 7390 7490 7590 accounting 101, myob accounting, myob pdf, accounts 101, ADBLOCK ADD CORRECT HOST KEY Administrators only have bank feed access, Myob Bank Feed error, ALEXA RASPBERRY BOOT WITH FANCY LEDS ALEXA START ON BOOT RASPBERRY amazon developer authentication error AMAZON ERROR An erro Occured when we tried to process your request APPLYING CREDITS ARCHER C5 ARCHER C7 V2 ARCHER C7 V2 LEDE FIRMWARE ArchLinux arduino AUTHENTICATION ERROR AUTOQUOTE CONFIGURATION SETTINGS, CONFIG, AUTOQUOTE CONFIG AVM AVM DE BEST VNC BEST VNC FOR RASPBERRY PI BLANK PAGES PRINTING BRICKED BROTHER PRINTER BLANK PAGES BROTHER PRINTERS cannot send email thunderbird changing clock error odroid CHEAP HOME SERVER CISCO CISCO E4200 ClearOS ClearOS App Removal ClearOS Apps ClearOS MArketPlace Apps CLONE RASPBERRY SD CARD, CLONE SD OPERATING SYSTEM, CLONE ODROID COMMAND LINE UPDATES LEDE / OPENWRT COMMAND LINE UPDATES ROUTERS config editor config editor thunderbird COPY OPERATING SYSTEM CREDITS CROATIA crypto locker, prevent crypto locker, stop malicious software, e D-LINK, EMULATORS, D-LINK ROUTER EMULATORS, DD-WRT DD-WRT DEMO DD-WRT EMULATOR DD-WRT ROUTERS, DD-WRT ROUTER INFORMATION, DDWRT DNS dnsmadeeasy DOH DOH DNS DOMAIN HOST DOMAIN REGISTRATION domain renewal, billing renewal, renewal reminder, domains, host DOMAINS dyn dns dynamic dns E4200 E4200 V1 E4500 EASY RASPBERRY REMOTE EASY VNC RASPBERRY EMAIL HOSTING Employees Greyed Out EMULATOR EMULATORS error 1709 error 1907 ERROR WHEN SETTING UP MYOB CONNECTOR EVERLOOP MATRIX VOICE expired domains, lapsed domains, domain recovery, domain renewal FAILED TO CONNECT. MYOB CONNECTOR FANCY LIGHTS ALEXA FIREWALL Firewalls FLASHING ROUTER FLSAH SOFTWARE MAC FORTINET FREE DOMAIN HOSTING FREE DYNDNS SERVICE, DNSMADEEASY PAID SERVICES, DNS SERVICES, IP FREE HOSTING, FREE SSL, FREE , MAD!, FREE TRIALS FREE WEBSITE FREECLOUD Fritz 7490 FritzBox! FritzFon! GETTING STARTED MATRIX VOICE Go to systems preferences Sharing and tick the box File Sharing, HOME CLOUD HOME SERVER HOMEBUILD MINI ROUTER HooToo HT-TM02 HOST host file error HOST KEY IN KNOWN_HOSTS HOSTING HOSTING TRIAL HP PRINTERS HTTPS I cant make my user active INTERNET / ADSL TROUBLESHOOTING INTERNET ISSUES IPTV ISOLATION TEST KNOWN HOSTS ERROR KNOWN_HOSTS KNOWN_HOSTS IP ADDRESS CHANGED Kodi LEDE LEDE CLONE LEDE PROJECT LEDE ROUTER LibreElec lightning payroll, XP error, Server 2003 error, Lighting payroll LINKSYS LINKSYS-DDWRT LINUX CLONE linux commands LUCI Mac Mail, Read receipts, Remove read receipts,  Make your own Portable Router Market Place Removal ClearOS MARTIX VOICE HARDWARE DEMO MATRIX ALEXA matrix alexa authentication error MATRIX ALEXA HEADLESS START MATRIX ALEXA START ON BOOT MATRIX AMAZON ALEXA MATRIX CREATOR MATRIX RASPBERRY ALEXA BOARD MATRIX START ON BOOT MATRIX VOICE MATRIX VOICE DEMOS MATRIX VOICE HARDWARE TEST MATRIX VOICE RASPBERRY BOARD MATRIX VOICE RASPBERRY TEST MERCURSYS EMULATOR MERCURSYS FIREWALL MERCURSYS ROUTER MERCURSYS SIMULATOR MERCUSYS MERCUSYS DEVICES MFC MICROSOFT SEQUEL SERVER MICROSOFT SQL MIKROTIK Mikrotik Backups Mikrotik email MIKROTIK EMULATOR Mikrotik Fan Control Mikrotik Netwatch MIKROTIK ROUTER OS Mikrotik VPN Mini Routers Movie Viewer Movies Myob user set to inactive, Myob User Greyed out, Myob User inact NETGATE NETGEAR WN2000RPT New Raspberry not booting NEXTBERRY NEXTBERRY CLOUD NEXTCLOUD NON SIGNED FIRMWARE NON SIGNED SOFTWARE ERROR Nord VPN odroid clock setting ODROID CLONE, CLONE SD CARD, CLONE RASPBERRY PI, CLONE UBUNTU MA odroid time zone setting Only 2 Clients in admin centre pi-hole Only 2 Clients on PI-Hole Dashboard OPEN-WRT openwrt OPENWRT FLASHING Openwrt Router OPERATING SYSTEM BACKUP orm integration, panel quoting package, panel beater quotes, quo OS BACKUP OS CLONE OVERPAYMENTS PayPal, email scams, phishing scams , Peer using unsupported version performance report raspberry pfsense pfsense CPU1 error pfsense not booting pfsense not starting php email , event email, prowl notication php mail, php page visited notification, page visit alert, robot php multiple recipient script, multiple recipients in email scri PI Hole PI-HOLE PI-Hole Clients PiHole portable OpenWRT router POWER UTPUT WIRELESS ROUTERS POWERFUL MINI ROUTER Rainbow screen Raspberry 3B+ RAPSBERRY PI WIRLESS ISSUE raspberry raspberry arguments RASPBERRY CANNOT CONNECT WIRLESS RASPBERRY CLOUD Raspberry commends RASPBERRY FIREALL RASPBERRY HEADLESS ALEXA START RASPBERRY HOME CLOUD RASPBERRY HOME SERVER RASPBERRY LEDE ROUTER Raspberry not booting RASPBERRY OPNWRT RASPBERRY PI CANNOT SEE WIRELESS NETWORK raspberry pi commands RASPBERRY PI3 & OPEN-WRT RASPBERRY PRIVATE CLOUD RASPBERRY PRIVATE SERVER RASPBERRY REMOTE CONTROL RASPBERRY SNIPS RASPBERRY START SCRIPT ON BOOT raspberry temp RASPBERRY UBUNTU CLOUD SERVER RASPBERRY UBUNTU SERVER RB Mikrotik REFUNDS REMOTE ACCESS remote host has changed identification remote hosts Remove Apps ClearOS RESTORE TONIDO OPERATING SYSTEM ringtones, free tones , mobile ringtones RINGTONES, RINGTONE MAKER, FREE ONLINE RINGTONE CREATOR router ROUTER OS Routerboard ROUTERS SCREEN RESOLUTION, SCREEN SIZE, DISPLAY OPTIONS SCREEN SIZE EXCESSIVE, CANNOT SEE BUTTONS ON LOWER OR TOP EDGE, SD CARD FLASHING security security tls security tls thunderbird SEQUEL SEQUEL SERVER SG-1000 Smallest Router sms marketing, sms from your computer, sms portal,  sms marketing, sms signup, sms from your pc, sms portal SNIPS MATRIX INTEGRATION SQL SQL SERVER SSH SERROR SSH Warning START ALEXA HEADLESS ON BOOT START ALEXA ON BOOT RASPBERRY START ALEXA ON BOOT SCRIPT START SCRIPT ON BOOT T-SQL TEAM VIEWER TEAM VIEWER REMOTE teamviewer teamviewer 9 teamviewer downloads temperature report TEW-810DR the thunderbird elusive config editor thundebird Thunderbird email Tick TOMATO TOMATO ROUTER TONIDO CLOUD TONIDO FACTORY RESET TONIDO NAND FLASH TONIDO NAND RESTORE TONIDO PLUG 2 TONIDO PLUG OPERATING SYSTEM TONIDO PLUG RESET TONIDO PLUG SYSTEM RESET TONIDO SERVER TONIDO TTL CONNECTOR TP LINK, EMULATOR, ROUTER EMULATOR, TP-LINK ROUTERS, TP-LINK C7 ARCHER TP-LINK WNDR7500 TPL-LINK ARCHER C7 Travel Router TRENDNET triple j, lounge fm, cafe cody, soundtracks to your life, TROUBLESHOOTING INTERNET ISSUES UBIWUITY EMULATOR UBUNTU CLOUD SERVER ubuntu commands UBUNTU PRIVATE CLOUD Unbound UNIFY UNIFY EMULATOR UNIFY WEB CONFIG UPDATE ALL LEDE PACKAGES UPDATE ALL LEDE PACKAGES COMMAND LINE UPDATE PACKAGES LEDE UPDATE PACKAGES OPENWRT UPDATING LEDE UPDATING OPENWRT User IDs inactive since upgrading VNC FOR RASPBERRY VPN WEB HOST WEB HOSTING web radio Webfig Winbox WIRELESS OUTPUT WIRELESS POWER RATINGS WIRELESS RANGE WN2000RPT WN2000RPT V2 WNR2000

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket