Portal Home > Knowledgebase > Industry Announcements > Web Hosting Main Forums > Providers and Network Outages and Updates > WHMCS.com down [DOS]
Posted by livetecs-hosting, 09-12-2012, 02:59 PM I just tried to login in WHMCS portal but neither portal nor websites are loading. Downforeveryoneorjustme.com also showing WHMCS as down.
http://www.downforeveryoneorjustme.com/www.whmcs.com
Posted by Askforhost-AJ, 09-12-2012, 03:02 PM Seemed to be down. But i don't think they are hacked. Maybe Network error or something.
Posted by Serverfruit-Kris, 09-12-2012, 03:05 PM They're indeed down, but I wouldn't just assume that they were hacked... There are a million and one possibilites why it could be down.
Posted by (Stephen), 09-12-2012, 03:08 PM interesting, their DNS is pointing directly to Cpanel's IPs...
Posted by Noticed, 09-12-2012, 03:12 PM Ahhh, not again .
But I agree with others they probably weren't hacked again, just unexpected downtime.
Does anyone else get this when viewing cPanel.com "Error establishing a database connection"?
Posted by ~Lee~, 09-12-2012, 03:15 PM Of course it does why would it not?Quote:
Originally Posted by (Stephen)interesting, their DNS is pointing directly to Cpanel's IPs...
Posted by UnderHost, 09-12-2012, 03:16 PM There some topics "tangodown" on Twitter from hacktivist, might be the cause and also why cPanel website have some issue.
Posted by Eased, 09-12-2012, 03:26 PM Links or it didnt happen.Quote:
Originally Posted by UnderHostThere some topics "tangodown" on Twitter from hacktivist, might be the cause
Posted by htb, 09-12-2012, 03:27 PM yes up and down here
Posted by matador, 09-12-2012, 03:27 PM I don't get how a company can be down like this...
Apart from it affecting their business, etc.. it affects current customers.
I'm on here because I cannot get into Admin interface due to WHMCS complaining its been unable to verify the licence for a few days.
Probably wouldnt be much to put that check licence script on a seperate "cloud" infrastructure, so it could atleast check current clients.
Here's hoping,
Posted by Serverfruit-Kris, 09-12-2012, 03:28 PM They're in a partnership with cPanel.Quote:
Originally Posted by (Stephen)interesting, their DNS is pointing directly to Cpanel's IPs...I do see that error.Quote:
Originally Posted by NoticedAhhh, not again .
But I agree with others they probably weren't hacked again, just unexpected downtime.
Does anyone else get this when viewing cPanel.com "Error establishing a database connection"?
Posted by Noticed, 09-12-2012, 03:28 PM http://twitter.com/TheWikiBoatBR is i'm guessing what they're seeing, but I don't think they were the cause of it. I think they just wanna take credit for it.Quote:
Originally Posted by EasedLinks or it didnt happen.
Posted by Eased, 09-12-2012, 03:30 PM Answer:Quote:
Originally Posted by (Stephen)interesting, their DNS is pointing directly to Cpanel's IPs...
http://www.webhostingtalk.com/showthread.php?t=1170039
Posted by saqibnpt, 09-12-2012, 03:50 PM Quote:
Originally Posted by matadorI don't get how a company can be down like this...
Apart from it affecting their business, etc.. it affects current customers.
I'm on here because I cannot get into Admin interface due to WHMCS complaining its been unable to verify the licence for a few days.
Probably wouldnt be much to put that check licence script on a seperate "cloud" infrastructure, so it could atleast check current clients.
Here's hoping,
WHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
If you need assistance, email licensing@whmcs.com.
am also getting same error when we try to login admin panel.
any other person facing this issue in admin area?
Posted by Dan_EZPZ, 09-12-2012, 03:54 PM http://twitter.com/cPanel/status/245960438150479872
Posted by saqibnpt, 09-12-2012, 03:56 PM whmcs.com completely down from every location in the world.
check it via host-tracker .com
Posted by hostgj, 09-12-2012, 04:00 PM whmcs is down again
This is really frustrating because it is not possible to enter admin in whmcs
Posted by abertina, 09-12-2012, 04:26 PM Hi
what happened to WHMCS.com?
it about 1 hour that my whmcs license is invalid and it shows me
License Noconnection
unfortunately whmcs.com is down too and i can't contact them.
Posted by nickia, 09-12-2012, 04:38 PM Down here. I run a company much smaller than WHMCS and have better contingency system than WHMCS. At bare minimum and elementary, you need to have multiple servers at different location doing the license check.
This is incredible.
Posted by httpEasy, 09-12-2012, 04:42 PM Feeling with those who depend on their license server. Hopefully they have an excuse that's less lame than the last one (or the one GD came up with after thinking hard for a day).
Posted by htb, 09-12-2012, 04:43 PM i got that right now License Noconnection
Posted by CW Mike, 09-12-2012, 04:44 PM https://www.facebook.com/whmcsfans They've got network issues.Quote:
We are experiencing network issues with our website and ticket system. Our system admin are working hard to resolve.
Posted by OzarkTechPC, 09-12-2012, 04:44 PM Quote:
Originally Posted by saqibnptWHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
If you need assistance, email licensing@whmcs.com.
am also getting same error when we try to login admin panel.
any other person facing this issue in admin area?
WHMCS is down for me also. Can't access my admin area either.
Posted by CW Mike, 09-12-2012, 04:47 PM It's getting pathetic now.Quote:
Originally Posted by Noticedhttp://twitter.com/TheWikiBoatBR is i'm guessing what they're seeing, but I don't think they were the cause of it. I think they just wanna take credit for it.
Posted by Shyuan, 09-12-2012, 05:04 PM Me too, can't access whmcs.com.
Posted by MACH9Servers, 09-12-2012, 05:04 PM Lets just give them time, after all things do happen.Quote:
Originally Posted by MichaelDanceIt's getting pathetic now.
Posted by httpEasy, 09-12-2012, 05:09 PM The empire strikes back: WHMCS IP monitors report several servers down...luckily they aren't.
Posted by CW Mike, 09-12-2012, 05:11 PM I was talking about the so called Anon attacks.Quote:
Originally Posted by hosthaliLets just give them time, after all things do happen.
Posted by localhost-ca, 09-12-2012, 05:15 PM Appears down for me too at the moment. Was working around an hour ago though.
Posted by freethought, 09-12-2012, 05:18 PM It looks like the cPanel/WHMCS IP block 208.74.120.0/24 which the WHMCS.com web-site is on (208.74.120.227) isn't being announced at the moment, although other blocks from their 208.74.120.0/21 allocation are fine (all announced as separate /24 prefixes for some reason).
From about 19:15 to 20:45 (UK time) there was a lot of route instability for 208.74.120.0/24, which culminated in the prefix being withdrawn. I wonder if they have annoyed someone with their decision to suspend all of the LicenseCube issued WHMCS licenses and are now under DDoS so have withdrawn the affected /24 in order to restore service to the rest of the cPanel network?
Posted by breezer1981, 09-12-2012, 05:21 PM I confirm their website is still down. Godaddy, WHMCS who's next?
Posted by httpEasy, 09-12-2012, 05:22 PM See here: http://www.webhostingtalk.com/showthread.php?t=1191333
Posted by Netxons, 09-12-2012, 05:26 PM I can't even logon to my admin area! That very bad.Quote:
License Noconnection
WHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
If you need assistance, email licensing@whmcs.com.
Posted by breezer1981, 09-12-2012, 05:29 PM I really hope they're not hacked, not again... Some mysterious downtime from Godaddy yesterday - cPanel/WHMCS today... just a coincidence?
Posted by jrianto, 09-12-2012, 05:30 PM Yes, it is still down now.
Posted by ttgt, 09-12-2012, 05:33 PM i also can not access my admin area,hope it is safe..
Posted by Netxons, 09-12-2012, 05:35 PM The down time is more than 2 hrs now... That seem unacceptable.
Posted by htb, 09-12-2012, 05:37 PM That total trueQuote:
Originally Posted by breezer1981I really hope they're not hacked, not again... Some mysterious downtime from Godaddy yesterday - cPanel/WHMCS today... just a coincidence?
Posted by MoovIt, 09-12-2012, 05:54 PM I'm able to access my whmcs admin, so whmcs.com should be up soon hopefully.
Posted by UnderHost, 09-12-2012, 05:56 PM https://twitter.com/#!/search/whmcsQuote:
Originally Posted by EasedLinks or it didnt happen.
Posted by Netxons, 09-12-2012, 06:00 PM http://just-ping.com/index.php?vh=ww...928&vhost=_&c=
Really hope they can resolved soon.
Posted by cd/home, 09-12-2012, 06:15 PM This is really becoming a problem with the issues which keep happening time upon time, I think its time WHMCS sorted them self's out I really do.
Their business is high risk so additional protection should already be in place because of this.
Posted by Keiro, 09-12-2012, 06:24 PM ... Fortunately, I didn't encounter license issues.
However, their repeated issues are causing huge problems for us. I'm thinking it's time for me to ask for a source copy of their billing system and sign an NDA so we can have a copy and patch it ourselves without having to wait for them to provide fixes. :|
(That and having the source copy and being able to strip out what we don't need would make it very awesome for us.)
I've heard reports of others having source copies of WHMCS and signed an NDA regarding it.
... Shame there isn't a copy of it floating about. >_>
Posted by CW Mike, 09-12-2012, 06:31 PM Nor me but I have two licences one for the new design so I didn't need to lock it and have a developer license and the other one is live. So if a customer needs us and our one license is down, we've got the other one. But it's not the software, it's the IP Blocks that's been attacked. cPanel is helping Matt get back up.Quote:
Originally Posted by Keiro... Fortunately, I didn't encounter license issues.
However, their repeated issues are causing huge problems for us. I'm thinking it's time for me to ask for a source copy of their billing system and sign an NDA so we can have a copy and patch it ourselves without having to wait for them to provide fixes. :|
(That and having the source copy and being able to strip out what we don't need would make it very awesome for us.)
I've heard reports of others having source copies of WHMCS and signed an NDA regarding it.
... Shame there isn't a copy of it floating about. >_>
https://www.facebook.com/cpanel
Posted by WHMCS-Matt, 09-12-2012, 06:31 PM We are currently experiencing an outage due to a DDOS attack which is ongoing at this time. Our network admins are in the process of mitigating it.
The licensing system used in WHMCS will mean this outage has no impact on WHMCS installations providing a valid local key is present.
Matt
Posted by CW Mike, 09-12-2012, 06:36 PM Thanks for the heads up mate.Quote:
Originally Posted by WHMCS-MattWe are currently experiencing an outage due to a DDOS attack which is ongoing at this time. Our network admins are in the process of mitigating it.
The licensing system used in WHMCS will mean this outage has no impact on WHMCS installations providing a valid local key is present.
Matt
Posted by Lost Eagle, 09-12-2012, 06:37 PM Yup ... down too
Posted by MoovIt, 09-12-2012, 06:39 PM Thanks for the news Matt
Posted by mixmox, 09-12-2012, 06:40 PM WHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
If you need assistance, email licensing@whmcs.com.
Posted by Keiro, 09-12-2012, 06:49 PM There's only two reasons why I want a sauce copy.Quote:
Originally Posted by MichaelDanceNor me but I have two licences one for the new design so I didn't need to lock it and have a developer license and the other one is live. So if a customer needs us and our one license is down, we've got the other one. But it's not the software, it's the IP Blocks that's been attacked. cPanel is helping Matt get back up.
https://www.facebook.com/cpanel
1. To strip out the stupid license checker so as to not have to deal with that issue at all. I mean, yes, the local cached license is all well and good, but I don't see the point of doing a license check repeatedly for an owned license.
I have one, and I laughed when WHMCS told me to re-enable the ability for them to do licensedebug on our install. I said hell no, I'm not revealing our WHMCS install site so malicious users can attempt to get into it and the like.
Our message when people do licensedebug on our install tells them to check instead at WHMCS's license checker to see that we do have a valid license. Beyond that, I'm not having our install provide what version and what license we're using.
2. Strip out anything we don't need in WHMCS and provide patches internally and externally when and if we come across bugs that're crippling and/or security bugs.
Posted by CW Mike, 09-12-2012, 07:08 PM how do you do that i would like to remove the ipQuote:
Originally Posted by KeiroThere's only two reasons why I want a sauce copy.
1. To strip out the stupid license checker so as to not have to deal with that issue at all. I mean, yes, the local cached license is all well and good, but I don't see the point of doing a license check repeatedly for an owned license.
I have one, and I laughed when WHMCS told me to re-enable the ability for them to do licensedebug on our install. I said hell no, I'm not revealing our WHMCS install site so malicious users can attempt to get into it and the like.
Our message when people do licensedebug on our install tells them to check instead at WHMCS's license checker to see that we do have a valid license. Beyond that, I'm not having our install provide what version and what license we're using.
2. Strip out anything we don't need in WHMCS and provide patches internally and externally when and if we come across bugs that're crippling and/or security bugs.
Posted by MoovIt, 09-12-2012, 07:12 PM Yes please tell as my licence is now down.
Posted by phez, 09-12-2012, 07:41 PM Is that applicable for folks that lease the key on a monthly basis?Quote:
Originally Posted by WHMCS-MattWe are currently experiencing an outage due to a DDOS attack which is ongoing at this time. Our network admins are in the process of mitigating it.
The licensing system used in WHMCS will mean this outage has no impact on WHMCS installations providing a valid local key is present.
Matt
I get this "WHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
If you need assistance, email licensing@whmcs.com"
Posted by dareORdie, 09-12-2012, 07:46 PM Hello,
It's down for me too...I think there might be some network issue.
Posted by Xenus, 09-12-2012, 07:50 PM We are all in the same situation.
Hope they'll get fixed soon.
Posted by Simplex-Ed, 09-12-2012, 07:52 PM Annoying. We're currently dealing with a surge of customer tickets and can't access our WHMCS due to the licensing problem.
Sort it out, WHMCS.
Posted by oneawesomeguy, 09-12-2012, 07:54 PM WHMCS should hire a network security expert so we stop having these types of problems every few months...
Posted by Coolraul, 09-12-2012, 08:04 PM Assuming you mean SOURCE copy and not "SAUCE" copy... not going to happen.Quote:
Originally Posted by KeiroThere's only two reasons why I want a sauce copy.
1. To strip out the stupid license checker so as to not have to deal with that issue at all. I mean, yes, the local cached license is all well and good, but I don't see the point of doing a license check repeatedly for an owned license.
I have one, and I laughed when WHMCS told me to re-enable the ability for them to do licensedebug on our install. I said hell no, I'm not revealing our WHMCS install site so malicious users can attempt to get into it and the like.
Our message when people do licensedebug on our install tells them to check instead at WHMCS's license checker to see that we do have a valid license. Beyond that, I'm not having our install provide what version and what license we're using.
2. Strip out anything we don't need in WHMCS and provide patches internally and externally when and if we come across bugs that're crippling and/or security bugs.
If their license system is alive and operating and you can get in, I don't see your issue.
Good luck WHMCS ... DDOS is no fun.
Posted by Simplex-Ed, 09-12-2012, 08:07 PM Their licensing server is down, despite the post from Matt. I'm really disappointed by this. It's taken down our system.Quote:
Originally Posted by CoolraulAssuming you mean SOURCE copy and not "SAUCE" copy... not going to happen.
If their license system is alive and operating and you can get in, I don't see your issue.
Good luck WHMCS ... DDOS is no fun.
Posted by Coolraul, 09-12-2012, 08:10 PM Sorry Ed I know I just thought Kerio said he wasn't affected.
I wonder if Matt knows the license system is broken ??
Posted by twhiting9275, 09-12-2012, 08:11 PM Still down from here.
Hey, Matt, maybe it's time you moved to a professional hosting company instead of cheaping out. You know, one that has real security and protection.
Posted by Simplex-Ed, 09-12-2012, 08:14 PM It's been down for hours. Our clients have been stranded for hours, we can see the ticket emails (i.e. we know they're requesting support) but there's little we can do. The most we can do is attempt to resolve the issue they have by looking at the ticket request... that's it. We can't reply to them, or ask for more information.Quote:
Originally Posted by CoolraulSorry Ed I know I just thought Kerio said he wasn't affected.
I wonder if Matt knows the license system is broken ??
This is a horrible feeling for a hosting company. Being able to see a customer requesting assistance but not being able to do anything.
Posted by twhiting9275, 09-12-2012, 08:16 PM Have you tried replying to the ticket via email? I thought Matt said that was supposed to be possible during things like this.
It is, indeed an entirely unacceptable situation, unfortunately not the first time this has happened.
Posted by Hoosier Mike, 09-12-2012, 08:17 PM What happened to the promise of you'll no longer be keeping all the eggs in one basket you made Matt after you were hacked/reverse engineered. A solution needs to come soon. Both, us as your client and our clients rely on WHMCS..
Posted by sol2010, 09-12-2012, 08:18 PM I also have the "your license is invalid" issue. What the heck to do now? Can't access admin... Can't believe this is happening again and nothing on WHMCS twitter ?
Anyone know the latest?
Posted by twhiting9275, 09-12-2012, 08:19 PM He says that every time , not surprised he didn't take action.Quote:
Originally Posted by Hoosier MikeWhat happened to the promise of you'll no longer be keeping all the eggs in one basket you made Matt after you were hacked/reverse engineered.
Posted by Simplex-Ed, 09-12-2012, 08:21 PM We will try, thank you. But it's really not good enough, WHMCS has the capital to invest in a quality setup, yet despite the previous events, it's not gone ahead.Quote:
Originally Posted by linux-techHave you tried replying to the ticket via email? I thought Matt said that was supposed to be possible during things like this.
It is, indeed an entirely unacceptable situation, unfortunately not the first time this has happened.
Posted by cd/home, 09-12-2012, 08:33 PM I agree here, WHMCS makes a nice what almost £1Million per year combined with the fact that cPanel now has a share with the company I would of thought lessons was learn't when they got hacked and their database leaked across the internet.Quote:
Originally Posted by Simplex-EdWHMCS has the capital to invest in a quality setup, yet despite the previous events, it's not gone ahead.
I felt like I gave WHMCS a second chance last time but this time my options are now open for a different platform for us to use.
Ive had a ticket opened with them about the recurring Paypal callback issues we are having still no response its been around 1 week now...
WHMCS it's time to change or time to face loosing your customer base.
Regards,
Posted by sol2010, 09-12-2012, 08:33 PM Is there any way at all to disable the license check as a temporary measure ? Any one have any hacks?
I could live with it if my system was up and running, but this is totally unacceptable and having a major impact on my business.
All was fine yesterday - but today I get the dreaded admin lock-out due to license issue.
Time to look for an alternative.
Posted by Simplex-Ed, 09-12-2012, 08:37 PM http://companycheck.co.uk/company/06265962Quote:
Originally Posted by cd/homeI agree here, WHMCS makes a nice what almost £1Million per year combined with the fact that cPanel now has a share with the company I would of thought lessons was learn't when they got hacked and their database leaked across the internet.
I felt like I gave WHMCS a second chance last time but this time my options are now open for a different platform for us to use.
Ive had a ticket opened with them about the recurring Paypal callback issues we are having still no response its been around 1 week now...
WHMCS it's time to change or time to face loosing your customer base.
Regards,
That kind of money can afford something robust and reliable.
Posted by cd/home, 09-12-2012, 08:39 PM Owned hardware complete with hardware firewall protection comes to mind here...Quote:
Originally Posted by Simplex-Edhttp://companycheck.co.uk/company/06265962
That kind of money can afford something robust and reliable.
Infact they could have their own hardened network, failover licensing system and a load of other treats with the money they have floating around
Posted by MikeDVB, 09-12-2012, 08:52 PM Whether or not the local license will allow you to get in, depends entirely whether or not it was done recently.
If I'm not mistaken, it's good for 7 days (could be a shorter term, I forget) and during those 7 days it does not re-verify your license, presumably to lighten the load on the licensing server. So if you just expired and checked-in you could be good for 7 days. If your license was last validated Wednesday of last week, you're about to be hosed, if you aren't already.
IMHO, there are two solutions to this that are complimentary to each other:
- Have the software check in every day, and then cache that for 7 days. This gives *everybody* a 7 day window should issues happen with the licensing server and not just those who happened to expire+check in just before the issue.
- Distribute the licensing servers - don't rely upon one in a single facility and on a single network. Distribute it out to at least 3 geographically unique locations. Being able to take down every WHMCS installation in the world by taking out a single server or even a single network is ... way too easy at this point.
With as much as WHMCS and cPanel surely make in revenue, there is NO reason they cannot distribute their licensing servers as well as handle the additional load from more regular license check-ins. The additional cost incurred by making these changes wouldn't even qualify as a drop in the bucket.
Posted by twhiting9275, 09-12-2012, 08:55 PM I have to agree, distributed systems are the best option here. That's why professionals rely on multiple servers across multiple networks for this kind of stuff
Posted by hungoverfurball, 09-12-2012, 09:04 PM I dont care about the whmcs site, i don't care about the ticket system, All i care about is the license system. Not having the ability to do anything in the admin side of whmcs is just a bit ridiculous.
I really wish companies like whmcs could be held accountable for cancellations and loss of money as a result of things like this :/ maybe it would spur them to fix the stuff a lot faster if they were.
I do find it a little ridiculous that a person can ddos one server and take down all whmcs installations......
Posted by phez, 09-12-2012, 09:04 PM Having just started using this software for the past few months, I am completely annoyed that I have to pay my webdevs to sit around and do nothing while WHMCS take their sweet time to solve an issue that has seemed to occurred multiple times in the past.
... anyone looking at the alternatives and how good are they?
Posted by cd/home, 09-12-2012, 09:08 PM Nothing out their to be honest is as good as WHMCS unless you start looking higher at things like Ubersmith.Quote:
Originally Posted by phezanyone looking at the alternatives and how good are they?
Hostbill looks good but it means folking out another $300-$1,000 for their license.
When WHMCS "works" it works very well and serves our needs to a tee but when issues happen like this it seems to undo those famous words "doing us well" and turns them to "sending us to hell"
Regards,
Posted by twhiting9275, 09-12-2012, 09:10 PM This comes up every single time WHMCS goes through something like this.Quote:
Originally Posted by hungoverfurballI really wish companies like whmcs could be held accountable for cancellations and loss of money as a result of things like this :/ maybe it would spur them to fix the stuff a lot faster if they were.
The only way to do this is to hold them accountable personally. Vote with your $$$THAT is all you. You don't HAVE to have your devs work right now, simply tell them to come backQuote:
Originally Posted by phezI am completely annoyed that I have to pay my webdevs to sit around and do nothing
Posted by CW Mike, 09-12-2012, 09:10 PM Say you moved to another Billing system, and they get popular and then targeted you're be back at step one.Quote:
Originally Posted by cd/homeI agree here, WHMCS makes a nice what almost £1Million per year combined with the fact that cPanel now has a share with the company I would of thought lessons was learn't when they got hacked and their database leaked across the internet.
I felt like I gave WHMCS a second chance last time but this time my options are now open for a different platform for us to use.
Ive had a ticket opened with them about the recurring Paypal callback issues we are having still no response its been around 1 week now...
WHMCS it's time to change or time to face loosing your customer base.
Regards,
All WHMCS needs to do now is work on a cluster like cPanel's DNS Clustering system.
4 different Servers in different DC (Like Cloudflare) and cluster it, so if one goes down, the servers still working. Or maybe they should move to OnApp with the clouds.
Posted by MoovIt, 09-12-2012, 09:10 PM I agree they certainly need some global redundancy and not have 1 point of failure as too many hosting companies are relying on 1 licencing server to keep their billing software live.Quote:
Originally Posted by MikeDVBWhether or not the local license will allow you to get in, depends entirely whether or not it was done recently.
If I'm not mistaken, it's good for 7 days (could be a shorter term, I forget) and during those 7 days it does not re-verify your license, presumably to lighten the load on the licensing server. So if you just expired and checked-in you could be good for 7 days. If your license was last validated Wednesday of last week, you're about to be hosed, if you aren't already.
IMHO, there are two solutions to this that are complimentary to each other:
- Have the software check in every day, and then cache that for 7 days. This gives *everybody* a 7 day window should issues happen with the licensing server and not just those who happened to expire+check in just before the issue.
- Distribute the licensing servers - don't rely upon one in a single facility and on a single network. Distribute it out to at least 3 geographically unique locations. Being able to take down every WHMCS installation in the world by taking out a single server or even a single network is ... way too easy at this point.
With as much as WHMCS and cPanel surely make in revenue, there is NO reason they cannot distribute their licensing servers as well as handle the additional load from more regular license check-ins. The additional cost incurred by making these changes wouldn't even qualify as a drop in the bucket.
WHMCS needs to get with the times and spend some money on a decent solution so this does not happen again, if not allot of us will go elsewhere as we cant afford to lose access to our Admin every time the licencing server falls over!
Please invest some of the money we invest in WHMCS back into a reliable solution that works for all hosts around the world and has redundancy and security built in so this never happens again.
Posted by phez, 09-12-2012, 09:14 PM You have no knowledge of how my web devs are employed or the conditions that are agreed. <<snipped>>Quote:
Originally Posted by linux-techTHAT is all you. You don't HAVE to have your devs work right now, simply tell them to come back
Posted by marcacer, 09-12-2012, 09:15 PM When we login admin we get:
License Noconnection
WHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
How can be solve this??? I have this license over 2 years now and paid all my bills. why can't I login? Is your license server down? We never had this issue and since today this message. I need to login!!
Posted by ttgt, 09-12-2012, 09:17 PM why there is no whmcs staff find the thread and reply us
Posted by MikeDVB, 09-12-2012, 09:20 PM Probably because this thread, or this site - is not a support avenue for WHMCS.Quote:
Originally Posted by ttgtwhy there is no whmcs staff find the thread and reply us
All of you who are upset that your helpdesk is offline - don't think WHMCS isn't trying to get back online. It hurts your business for them to be offline, it hurts their business as well. They're surely not sitting around going, "Oh, we'll bring it all back online tomorrow sometime... For now, let's relax."
I understand the frustration / anger / etc (trust me, I really do) - but WHMCS and their licensing servers will be back as soon as they can get them back online and, unfortunately, not a moment sooner.
Posted by Branzone, 09-12-2012, 09:47 PM They should really just store the valid hostname in each whmcs local database and if it doesn't match the hostname being used throw errors. Especially for OWNED licenses this is pretty ridiculous.
Posted by wtfpict, 09-12-2012, 09:52 PM <<snipped>>
i'm still looking now for alternate, just in case this outage takes much longer, another option is replace WHMCS with other billing software which having importing / migrating tools from whmcs.
Posted by Master Bo, 09-12-2012, 09:52 PM Looks like the single point of failure for WHMCS (licensing server(s)) has been proved a good target for attacks and will be exploited on regular basis.
Unless the licensing checks techniques isn't significantly changed to make the whole product more or less immune against DDoSing well-known servers, the losses for many a hoster will be significant.
Not meaning to tease anyone (I am a customer who also senses the consequences of the outage), but looks like it's time to change something in the whole approach.
Posted by phez, 09-12-2012, 09:55 PM OK, were back!
Up for me, logged in.
Posted by MikeDVB, 09-12-2012, 09:55 PM If there weren't so many out there ready to pirate their software - there wouldn't need to be a complex licensing system as there is now.Quote:
Originally Posted by BrandonmThey should really just store the valid hostname in each whmcs local database and if it doesn't match the hostname being used throw errors. Especially for OWNED licenses this is pretty ridiculous.
Any paying customers that are experiencing issues now, ultimately, can blame those issues on the countless thieves that would steal WHMCS's hard work and use it for free and/or distribute it without even batting an eyelash.
On a similar note we can blame all of the spammers out there for legitimate messages ending up in 'spam' boxes, RBLs, SPF and DKIM, etc...
We live in a dishonest world filled with malicious people. Those of us that abide the law, agreements, contracts, and pay for things always suffer the consequences.
Another example is DRM that keeps me from burning a movie (that I have rights to by purchasing it) from iTunes onto a DVD - for example. Does this stop somebody who plans on distributing this content from breaking the DRM and making it available? No... But it does keep the average user from doing things they should be able to do.
If only we could wake up tomorrow and thievery wouldn't exist - there would be no need for licensing servers, license checks, etc.
Until we do wake up in that utopia lacking theft - we'll have to deal with issues such as these. It doesn't only affect WHMCS, it affects any software that checks in regularly to make sure there is a valid license - although WHMCS is a fairly big target and they exacerbate the issue by not maintaining redundant licensing servers.
Posted by Keiro, 09-12-2012, 09:57 PM It is indeed what I meant.Quote:
Originally Posted by CoolraulAssuming you mean SOURCE copy and not "SAUCE" copy... not going to happen.
If their license system is alive and operating and you can get in, I don't see your issue.
Good luck WHMCS ... DDOS is no fun.
My issue is simply thus - WHMCS's inability to have a fistributed licensing server platform. Too many times this has crippled us. I dislike being at the mercy of the single licensing server.
Someone said they wanted to remove the license-checker... I don't know how. I DO know how to prevent people from discovering the install location from licensedebug.
If I knew how to remove the ping-back to the licending server after having paid $300+ for this, mods and all, I'd do it so our system isn't a hostage to the single licensing server they've got right now.
WHMCS knows better. It should've had this problem fixed ages ago. It did not.
NO EXCUSES FOR IT NOT TO!
That said - DDoSes are no fun, agreed.
Posted by ttgt, 09-12-2012, 10:02 PM i can access my admin area now.
Posted by Master Bo, 09-12-2012, 10:11 PM Wrong.Quote:
Originally Posted by MikeDVBIf there weren't so many out there ready to pirate their software - there wouldn't need to be a complex licensing system as there is now.
Any paying customers that are experiencing issues now, ultimately, can blame those issues on the countless thieves that would steal WHMCS's hard work and use it for free and/or distribute it without even batting an eyelash.
The fundamental flaw in the licensing architecture resulted in endless situations like this one. After the first attack on the licensing servers it should become clear the whole model is flawed.
Also, it isn't that extremely hard to make the whole application better protected from an average 'hacker' (nothing can save you from an expert, unless you make a piece of software that would cost 2-3 orders of magnitude more.
The blame is all WHMCS'. The flaws in architecture made the piece of software easy to crack and easy to suspend existing installations.
The sooner the developers of it understand the fact and change the underlying approach, the better. It won't cost them that awfully much.
Posted by MikeDVB, 09-12-2012, 10:18 PM So you're saying that if piracy didn't exist, that the licensing server and resulting issue would still exist? I think not . Even if it did exist, say, to track monthly leased licenses - it wouldn't apply to owned licenses in such a world.Quote:
Originally Posted by Master BoWrong.I don't agree that there is a flaw with the licensing system, and I pointed it out in my first post in this thread where I made two suggestions that would prevent this issue in the future. My point is that if theft/piracy didn't exist, the flawed licensing system wouldn't exist, and none of this would ever have happened.Quote:
Originally Posted by Master BoThe fundamental flaw in the licensing architecture resulted in endless situations like this one. After the first attack on the licensing servers it should become clear the whole model is flawed.
Just as if humans never existed, WHMCS would have never existed, nobody would have ever pirated WHMCS, and the licensing system would never have existed .Ultimately, on some level, PHP has to be parsed by the interpreter. This means that the code has to be passed to the interpreter in a format that it can understand.Quote:
Originally Posted by Master BoAlso, it isn't that extremely hard to make the whole application better protected from an average 'hacker' (nothing can save you from an expert, unless you make a piece of software that would cost 2-3 orders of magnitude more.
Until WHMCS isn't run on PHP, there is going to be no way to protect it from anybody but the common individual. I don't consider myself an expert, but decoding IonCube is not that hard. I know, because I used to develop software myself and had to reverse the decode on some of my software due to catastrophic data loss that was entirely my fault.I'm not saying WHMCS isn't at fault for this issue, but that if the world were a better place the situation for the issue to have existed wouldn't exist.Quote:
Originally Posted by Master BoThe blame is all WHMCS'. The flaws in architecture made the piece of software easy to crack and easy to suspend existing installations.I agree that changes should be made, but again, nothing you can ultimately do will protect the software 100%. Even if it was 100% SaaS - one simple security issue on the servers responsible for serving it (say, a zero-day exploit) and that source code could easily become available.Quote:
Originally Posted by Master BoThe sooner the developers of it understand the fact and change the underlying approach, the better. It won't cost them that awfully much.
I think you're taking my post, that you quoted some from, as saying that we shouldn't blame WHMCS. I'm not saying that, but simply saying that the flawed licensing system is a result of issues that, in an ideal world, wouldn't exist.
Hopefully, this time around, they learn from the issue and set up geo-distributed licensing servers.
Since cPanel has stake in WHMCS, I'll make sure to bring this up at the cPanel conference next month.
Posted by mehrdadabed, 09-12-2012, 10:41 PM Seems that WHMCS is back online again,
We've already experienced heavy ddos attacks so we understand how destructive they could be, but all of us expect WHMCS as a considerable company in its field to resist against such attacks or at least change its licensing algorithm and prevent admin panel unavailability for legal users.
Good luck,
Posted by Master Bo, 09-12-2012, 10:44 PM With you permit, I simply omit the informationless parts of your response, to save my time. I am saying you switched the reason with the consequences.Quote:
Originally Posted by MikeDVBSo you're saying that if piracy didn't exist, that the licensing server and resulting issue would still exist? I think not . Even if it did exist, say, to track monthly leased licenses - it wouldn't apply to owned licenses in such a world.
The piracy was, is and will be. It's not an excuse for bad architecture.
Trying to move all the responsibility onto criminals means to openly admit one's inability to build a reliable software.If the DDoS on licensing servers is enough to efficiently suspend all legitimate WHCMS installations from normal operations, it IS the flaw. End of story.Quote:
Originally Posted by MikeDVBI don't agree that there is a flaw with the licensing system ...Wrong. Keywords for enlightening: ionCube, Zend encoder... Do you follow the idea?Quote:
Originally Posted by MikeDVBUltimately, on some level, PHP has to be parsed by the interpreter. This means that the code has to be passed to the interpreter in a format that it can understand.
Apart from encoding, there are many a technique to make the cracking close to useless. But it requires valid architecture - in this case, if there are license servers crucial for this to work - the whole approach can be defeated by a single DDoS attack.If I am a paying customer whose business is at stake, I do not care how and why, but I need my piece of legally bought software to work without interruptions.Quote:
Originally Posted by MikeDVBI agree that changes should be made, but again, nothing you can ultimately do will protect the software 100%. Even if it was 100% SaaS - one simple security issue on the servers responsible for serving it (say, a zero-day exploit) and that source code could easily become available.
Once again: it is possible to achieve and make the whole approach almost 100% immune to any type of DDoS, without huge investment in development. All the required ideas and their implementation are already available (another hint: available as free, open source software).
Posted by Keiro, 09-12-2012, 10:57 PM THIS is precisely why I want the source copy of the software. So I can strip out the license-checker and not worry about the licensing server being down or otherwise incommunicado for whatever reason.Quote:
Originally Posted by Master Bo<<snip>>
If I am a paying customer whose business is at stake, I do not care how and why, but I need my piece of legally bought software to work without interruptions.
Once again: it is possible to achieve and make the whole approach almost 100% immune to any type of DDoS, without huge investment in development. All the required ideas and their implementation are already available (another hint: available as free, open source software).
I want my software to work without interruption. Having an owned license means pretty much jack **** without a globally redundant licensing server network.
And even then, if you somehow manage to hit all of them at once? You're still taking out everyone who has a legitimate license.
I wonder if the nulled WHMCS users have the same issue?
I'd be interested to know whether this is the case or not.
Posted by FRH Dave, 09-12-2012, 10:58 PM I see both sides of the last page or so of posts.
We shouldn't have to have such a complex licensing system. People shouldn't be pirating the software. People shouldn't be DDOSing the server. WHMCS / cPanel (since WHMCS is cPanel's thing now) shouldn't rely on such a single point of failure.
But the reality is, all of those things are happening. So I guess I'll add my own:
I shouldn't lose access to WHMCS because they get attacked.
I keep an eye on the other billing platforms out there. Anyone who doesn't stay on top of their options is a fool. At the moment, I'm not switching because moving xxx active customers from one platform to another is a very delicate dance, no matter how good you are.
But there's no excuse for this kind of outage. If this crops up again, I may have no choice.
Posted by MikeDVB, 09-12-2012, 11:00 PM I suppose you could see it the other way around... Without laws there would be no crime but I prefer to look at it the other way around - that if crime didn't exist the laws wouldn't be drafted to make those actions illegal.Quote:
Originally Posted by Master BoI am saying you switched the reason with the consequences.
The piracy was, is and will be. It's not an excuse for bad architecture.I'm not 'moving' responsibility anywhere. Since WHMCS does use a licensing system, the onus is on them to build one that is redundant, reliable, and does the job well.Quote:
Originally Posted by Master BoTrying to move all the responsibility onto criminals means to openly admit one's inability to build a reliable software.
I am not entirely sure why you're debating, I do agree with you that their licensing system is flawed and needs improved.
But, just so we are clear, you are saying this: "If there was no piracy, the flawed licensing system would still exist as it does now." ???
Just as if fire did not exist, there would be no such thing as a fire-fighter, if piracy did not exist - methods to protect software vendors from piracy wouldn't exist. It's causality ultimately. Without the cause, the result would not exist.It is *a* flaw, but not *the* flaw. In this world it is possible for there to be a singular flaw with any given system.Quote:
Originally Posted by Master BoIf the DDoS on licensing servers is enough to efficiently suspend all legitimate WHCMS installations from normal operations, it IS the flaw. End of story.Both can be reversed, you're not making much of a point. All they really are is obfuscation.Quote:
Originally Posted by Master BoWrong. Keywords for enlightening: ionCube, Zend encoder... Do you follow the idea?Reverse the encoding, strip out the license checks, and it all becomes moot. Is this legal? Probably not, depending on your location.Quote:
Originally Posted by Master BoApart from encoding, there are many a technique to make the cracking close to useless. But it requires valid architecture - in this case, if there are license servers crucial for this to work - the whole approach can be defeated by a single DDoS attack.
Now if theft didn't exist, including piracy, then nobody would steal the work of others and encoding [obfuscation] wouldn't exist. Obfuscation is designed to hide/keep secret the actual code and if nobody ever stole under any circumstances there would be no need to protect said code. Nobody woke up one day and simply decided that encoding software was a good idea for the sake of encoding, they sell a product that is marketed to protect the software from piracy.
The licensing system for WHMCS is designed, when used in tandem with obfuscation, to protect the software from piracy and other illegal uses of the software.I agree, however, I do care at least a bit about how. For example, the system they have now has worked pretty good for the last 5 years [that I know of] except for two instances where their licensing server was offline - once due to being hacked, and then this time. I would prefer that the how included some redundant licensing servers.Quote:
Originally Posted by Master BoIf I am a paying customer whose business is at stake, I do not care how and why, but I need my piece of legally bought software to work without interruptions.There is no such thing as 'immune' from DDoS, unfortunately.Quote:
Originally Posted by Master BoOnce again: it is possible to achieve and make the whole approach almost 100% immune to any type of DDoS, without huge investment in development. All the required ideas and their implementation are already available (another hint: available as free, open source software).
Even if they distributed their licensing to 100 servers around the world, there are botnets that are capable of taking all 100 down.
Distributing it to distinct servers in geographically unique locations would help, but nothing is foolproof or 100%, ever.
Posted by Keiro, 09-12-2012, 11:08 PM I've been keeping an eye out for the other billing system platforms as well.Quote:
Originally Posted by floor9I see both sides of the last page or so of posts.
We shouldn't have to have such a complex licensing system. People shouldn't be pirating the software. People shouldn't be DDOSing the server. WHMCS / cPanel (since WHMCS is cPanel's thing now) shouldn't rely on such a single point of failure.
But the reality is, all of those things are happening. So I guess I'll add my own:
I shouldn't lose access to WHMCS because they get attacked.
I keep an eye on the other billing platforms out there. Anyone who doesn't stay on top of their options is a fool. At the moment, I'm not switching because moving xxx active customers from one platform to another is a very delicate dance, no matter how good you are.
But there's no excuse for this kind of outage. If this crops up again, I may have no choice.
Hostbill seems to be the only other alternative that comes close to what WHMCS can do.
Short of rolling our own, I can see that we have essentially no option but to keep an eye out and wait for a better option, as we have no way to roll our own.
Or rather, we do, but it'd be too costly for us to do so.
As I said earlier, absolutely no excuse for them. None. They should've learned from their past mistakes. And honestly, there's no way in hell we'd move to Ubersmith.
Hostbill is increasingly looking like a better option unless we rewrite a billing system to our specific needs... and I'm thinking it may be easier to do that instead of building one from scratch.
I even have a billing system in mind to rewrite from. May as well get to it, I suppose.
Posted by Master Bo, 09-12-2012, 11:22 PM Once again, I omit the informationless parts. Glad to hear.Quote:
Originally Posted by MikeDVBI am not entirely sure why you're debating, I do agree with you that their licensing system is flawed and needs improved.
My only point is that all the responsibility is WHCMS's developers'. Trying to refer to piracy, Martians, act of God etc is senseless.Cite my exact words where I was saying the above.Quote:
Originally Posted by MikeDVBBut, just so we are clear, you are saying this: "If there was no piracy, the flawed licensing system would still exist as it does now." ???
If you can't cite, I would suggest you to be very careful when stating someone was saying what he's not actually saying. Unless you won't like me to say you're lying.
Do not interpret me. If you need my exact answer to exact question, just ask the question, please.
In short. Piracy is inevitable. Software licensing is inevitable. Good protection against cracks and DoS is possible, the one without effect of suspending all the software installations.If licensing system has a single point of failure, it's fundamentally flawed and must be modified. Otherwise, the incidents will repeat again and again.Quote:
Originally Posted by MikeDVBIt is *a* flaw, but not *the* flaw. In this world it is possible for there to be a singular flaw with any given system.Wrong in both.Quote:
Originally Posted by MikeDVBNow if theft didn't exist, including piracy, then nobody would steal the work of others and encoding [obfuscation] wouldn't exist.
1. People may choose to license their work and require registration/checks even if it's absolutely free. Reasons could be many, including receiving usage statistics and feedback.
2. Obfuscation can be used to hide one's code. It's a person right to open source its software, or not.Wrong. The licensing approach may require to DoS too many Internet IPs to efficiently stop license checks. With this in mind, licensing may be as immune to DoS as their creators choose to.Quote:
Originally Posted by MikeDVBThere is no such thing as 'immune' from DDoS, unfortunately.Please study the P2P/distributed networks already in existence. They were created to be immune to most attempts to efficiently put them totally down.Quote:
Originally Posted by MikeDVBDistributing it to distinct servers in geographically unique locations would help, but nothing is foolproof or 100%, ever.
Note also I said "almost 100%". In this current case, it's strictly 0% chance to avoid the disaster, once licensing servers are brought out of communication.
Posted by MikeDVB, 09-12-2012, 11:39 PM If you keep such a narrow mind, then sure, it's outside the scope of the discussion.Quote:
Originally Posted by Master BoMy only point is that all the responsibility is WHCMS's developers'. Trying to refer to piracy, Martians, act of God etc is senseless.
Just like whether my soda glass on my desk is full, half full, or empty is pointless to this conversation as well - that doesn't mean it's not something that can be discussed. At least 'chicken-or-the-egg' discussion about Piracy and Licensing is relevant to this thread ... more so at least than the amount of soda in my glass.I'm not saying you did, I paraphrased what I'm taking away from your posts as I understand them, and asking you to either explain why you believe that, or to better explain what you do believe. If I were to go through and cite every statement that caused me to end up with my shortened, condensed, paraphrased statement - I would end up quoting just about your entire posts all over again for more than simply making a response to various points... It would be a waste of space and time.Quote:
Originally Posted by Master BoCite my exact words where I was saying the above.
Moving past the fact that WHMCS's licensing system is flawed, why do you believe that without piracy that the licensing system would exist as it does today? All I've said, from the start of our little discussion, is that without piracy the licensing system wouldn't exist as it does now - and you continue to disagree with me.Anybody with a little common sense would understand that I didn't directly cite you or quote you, but simply enclosed my understanding of your perspective within quotes to separate it from the rest of the sentence. If you want to be semantic and picky, I can be a little more careful about how I word things.Quote:
Originally Posted by Master BoIf you can't cite, I would suggest you to be very careful when stating someone was saying what he's not actually saying. Unless you won't like me to say you're lying.Ok, I'll ask again (not quoting myself, so it may be worded differently but the question is ultimately the same): If piracy and theft did not exist, would the licensing system exist as it does today?Quote:
Originally Posted by Master BoDo not interpret me. If you need my exact answer to exact question, just ask the question, please.Sure, which is why I was speaking hypothetically and mentioned that 'if we lived in such a utopia' indicating that it is not how things are, and that things will quite likely never be this way.Quote:
Originally Posted by Master BoIn short. Piracy is inevitable.But is it inevitable in and of itself, or because piracy is inevitable?Quote:
Originally Posted by Master BoSoftware licensing is inevitable.
Just like keys and their respective locks - if we lived in such a utopia where theft didn't exist locks would likely be unnecessary. Similarly, locks will not keep thieves out - only those who actually intend you no harm. Any good thief will get through/past/around any lock.No system is impervious - all it would take is a botnet with the resources to take down as many servers as you have online providing licensing servers and it would be rendered useless.Quote:
Originally Posted by Master BoGood protection against cracks and DoS is possible, the one without effect of suspending all the software installations.
The more you have, the harder it becomes to break it, but then in some senses the harder it becomes to maintain. Nothing, as I've said, is 100% however.I agree, and I've agreed numerous times - I even stated it in my first post in this thread long before you and I began debating.Quote:
Originally Posted by Master BoIf licensing system has a single point of failure, it's fundamentally flawed and must be modified. Otherwise, the incidents will repeat again and again.
This is why I am trying to understand exactly what you're trying to say and what you're disagreeing with me.But this could be done, without any impact to the end-user should said licensing servers go offline. In the utopia I am referring to, the system would not exist to limit/prevent illegal use of the software as illegal use of the software wouldn't exist.Quote:
Originally Posted by Master Bo1. People may choose to license their work and require registration/checks even if it's absolutely free. Reasons could be many, including receiving usage statistics and feedback.
No egg = no chicken = no egg, etc.If theft didn't exist, again, even if you saw the code - you wouldn't use it without permission so there would be no need to hide it. (Again, obviously hypothetical because theft does exist.)Quote:
Originally Posted by Master Bo2. Obfuscation can be used to hide one's code. It's a person right to open source its software, or not.Immune is the wrong word, imho. Resistant would be more appropriate in this context, imho.Quote:
Originally Posted by Master BoWrong. The licensing approach may require to DoS too many Internet IPs to efficiently stop license checks. With this in mind, licensing may be as immune to DoS as their creators choose to.
The second you feel you have something immune to DDoS, by all means post that on the internet and get as much attention to it as you can. It would only be a matter of time before your challenge was taken and you were proven wrong.I'm not talking about P2P - which is different because the organization has little to no control over the distribution. I'm referring to a vendor-controlled distribution of licensing servers.Quote:
Originally Posted by Master BoPlease study the P2P/distributed networks already in existence. They were created to be immune to most attempts to efficiently put them totally down.
I can't say that I ever see WHMCS using a P2P style distribution system, as it opens the system up to tampering. In the utopia I've mentioned a few times, sure, they could distribute the licensing servers via p2p, but in this utopia it would be unnecessary.You say "almost 100%" while also using "immune" with no adverb such as "almost".Quote:
Originally Posted by Master BoNote also I said "almost 100%". In this current case, it's strictly 0% chance to avoid the disaster, once licensing servers are brought out of communication.
I think we both agree that in our current real world, that the WHMCS licensing system exists and is currently flawed.
The only disagreement that we seem to have is that I believe in my idyllic utopia vision where theft and piracy didn't exist - restrictive licensing wouldn't exist as it's a reaction to a problem that exists in the real world, but not the utopia I am referring to.
I mean, you're literally arguing points based upon my hypothetical idyllic utopia that I made up and telling me that I'm wrong... It does feel a little silly, no?
Posted by nickia, 09-13-2012, 12:16 AM You are funny. Your reasoning can be applied to the following:Quote:
Originally Posted by MikeDVBSo you're saying that if piracy didn't exist, that the licensing server and resulting issue would still exist? I think not . Even if it did exist, say, to track monthly leased licenses - it wouldn't apply to owned licenses in such a world.
I don't agree that there is a flaw with the licensing system, and I pointed it out in my first post in this thread where I made two suggestions that would prevent this issue in the future. My point is that if theft/piracy didn't exist, the flawed licensing system wouldn't exist, and none of this would ever have happened.
Just as if humans never existed, WHMCS would have never existed, nobody would have ever pirated WHMCS, and the licensing system would never have existed .
Ultimately, on some level, PHP has to be parsed by the interpreter. This means that the code has to be passed to the interpreter in a format that it can understand.
Until WHMCS isn't run on PHP, there is going to be no way to protect it from anybody but the common individual. I don't consider myself an expert, but decoding IonCube is not that hard. I know, because I used to develop software myself and had to reverse the decode on some of my software due to catastrophic data loss that was entirely my fault.
I'm not saying WHMCS isn't at fault for this issue, but that if the world were a better place the situation for the issue to have existed wouldn't exist.
I agree that changes should be made, but again, nothing you can ultimately do will protect the software 100%. Even if it was 100% SaaS - one simple security issue on the servers responsible for serving it (say, a zero-day exploit) and that source code could easily become available.
I think you're taking my post, that you quoted some from, as saying that we shouldn't blame WHMCS. I'm not saying that, but simply saying that the flawed licensing system is a result of issues that, in an ideal world, wouldn't exist.
Hopefully, this time around, they learn from the issue and set up geo-distributed licensing servers.
Since cPanel has stake in WHMCS, I'll make sure to bring this up at the cPanel conference next month.
A doctor malpracticed, and you exclaim "If disease doesn't exist, we don't need doctor and there will be no malpractice. Damn you disease, damn you."
You need to learn how to reason better and apply proper logic.
Posted by nickia, 09-13-2012, 12:22 AM A normal (I'm not even going to call it smart because it is common sense) business person will know what PR is and how important it is when you are dealing with crisis.Quote:
Originally Posted by MikeDVBProbably because this thread, or this site - is not a support avenue for WHMCS.
All of you who are upset that your helpdesk is offline - don't think WHMCS isn't trying to get back online. It hurts your business for them to be offline, it hurts their business as well. They're surely not sitting around going, "Oh, we'll bring it all back online tomorrow sometime... For now, let's relax."
I understand the frustration / anger / etc (trust me, I really do) - but WHMCS and their licensing servers will be back as soon as they can get them back online and, unfortunately, not a moment sooner.
People need reassurance.
Posted by MikeDVB, 09-13-2012, 12:43 AM Not entirely - even if disease didn't exist, broken bones would. Assuming we were invincible, then I would say that a lot more than just doctors would cease to be necessary. Guns and gun manufacturers, medical supply companies, nurses, etc... Eliminate a single disease, then you do eliminate issues that stemmed from that specific disease but I wouldn't say you eliminated the need for doctors.Quote:
Originally Posted by nickiaYou are funny. Your reasoning can be applied to the following:
A doctor malpracticed, and you exclaim "If disease doesn't exist, we don't need doctor and there will be no malpractice. Damn you disease, damn you."
You state that my reasoning is flawed, by posing an even more flawed hypothetical situation. If theft didn't exist, software providers wouldn't have to protect against piracy - if you dispute that, then make your case .Who said I was trying to use 'proper logic'? I assumed anybody reading my posts would be able to understand that I was speaking hypothetically and was not discussing the real world, but an idyllic and hypothetical utopia by clearly stating as such.Quote:
Originally Posted by nickiaYou need to learn how to reason better and apply proper logic.
This is, after all, a discussion forum. There are no rules that bar discussing hypotheticals, and I very much enjoy a good debate.Sure, and you would likely do things very differently than WHMCS currently does them. It would be nice to see regular updates from WHMCS in this thread, but I won't hold my breath .Quote:
Originally Posted by nickiaA normal (I'm not even going to call it smart because it is common sense) business person will know what PR is and how important it is when you are dealing with crisis.
Posted by Master Bo, 09-13-2012, 01:17 AM Personal attributions you started to make mean you have nothing essential to add to the discussion.Quote:
Originally Posted by MikeDVBIf you keep such a narrow mind, then sure, it's outside the scope of the discussion.
I conclude it, then. I do not see any sense discussing hypothetical no-pirates utopias here. We have a problem that can't be solved once and for all unless the WHMCS owners change licensing checks technique.
Your knowledge of P2P seems not too profound, otherwise you wouldn't write this:Hint: P2P approach is a good solution to current situation and that doesn't mean the owners will have no control over such a network.Quote:
Originally Posted by MikeDVBI'm not talking about P2P - which is different because the organization has little to no control over the distribution.
I have responded, in fact, to all your sensible questions asked thus far. Fantasies and utopias have nothing to do with real problems. I like discussing hypothetical universes, since I am a fiction writer myself, but this thread isn't the right place for that.
I only say I am sure we will see more WHMCS outage(s) related to their license servers by the end of this year. As with many other companies, the owners of it won't react to such challenges until it is too late.
But of course it's their rightful choice. Dixi.
Posted by htb, 09-13-2012, 01:28 AM I see it going up and down
Posted by Netxons, 09-13-2012, 01:29 AM My side is down too.Quote:
Originally Posted by htbI see it going up and down
Posted by Master Bo, 09-13-2012, 01:32 AM Yes, as well as their site.Quote:
Originally Posted by htbI see it going up and down
I wonder when/if they are able to handle it within reasonable timeframe.
Posted by PlotHost-Max, 09-13-2012, 01:32 AM Same here.Quote:
Originally Posted by htbI see it going up and down
Posted by MoovIt, 09-13-2012, 01:49 AM Both cpanel.net & whmcs.com down againQuote:
Originally Posted by htbI see it going up and down
Posted by htb, 09-13-2012, 01:53 AM cpanel is see up of long time on they forums of 1 hrs already
Posted by MikeDVB, 09-13-2012, 01:56 AM I wasn't calling you stupid or insulting you. A very smart person could have a very open mind to one idea and a very narrow mind to another, and vice versa.Quote:
Originally Posted by Master BoPersonal attributions you started to make mean you have nothing essential to add to the discussion.I agree with you about the issue with licensing, I think for the fourth time .Quote:
Originally Posted by Master BoI conclude it, then. I do not see any sense discussing hypothetical no-pirates utopias here. We have a problem that can't be solved once and for all unless the WHMCS owners change licensing checks technique.I never said it was impossible, I said unlikely. I also said that it would make it more open to tampering, and not that it would be tampered with for sure. There are solutions for any problem, at some level or another - so surely they could do P2P distribution and avoid tampering with the right amount of work - that doesn't make it any more likely.Quote:
Originally Posted by Master BoYour knowledge of P2P seems not too profound, otherwise you wouldn't write this:
Hint: P2P approach is a good solution to current situation and that doesn't mean the owners will have no control over such a network.I was just pointing out to those 'angry' with WHMCS, that the system that is angering them so much is what WHMCS uses to protect themselves from a problem that ideally wouldn't exist. I went far enough to make an example, which you debated to a great degree.Quote:
Originally Posted by Master BoI have responded, in fact, to all your sensible questions asked thus far. Fantasies and utopias have nothing to do with real problems.Says who? If you feel my discussion is off-base then do one of two things [, or both,] and ignore it or report it.Quote:
Originally Posted by Master BoI like discussing hypothetical universes, since I am a fiction writer myself, but this thread isn't the right place for that.
I like having an interesting discussion that's related to the topic at hand, and am happy to discuss the real situation based upon hypotheticals. If you don't, then don't partake.I guess that depends on how well we all affected make our voices heard. WHMCS, from my experience, does listen to user input but as with any company - if only a couple of people complain - it will be ignored.Quote:
Originally Posted by Master BoI only say I am sure we will see more WHMCS outage(s) related to their license servers by the end of this year. As with many other companies, the owners of it won't react to such challenges until it is too late.
Posted by Steven, 09-13-2012, 02:00 AM Any type of licensing system that requires a call-home can be taken down. It doesn't matter if it's in a dozen locations.. its not hard to figure out where its calling home too....
Posted by Master Bo, 09-13-2012, 02:05 AM Yes, the entire approach should be changed.Quote:
Originally Posted by StevenAny type of licensing system that requires a call-home can be taken down. It doesn't matter if it's in a dozen locations.. its not hard to figure out where its calling home too....
When/if their site is back up, I will ask their support whether they understand how vulnerable is current approach and whether they plan to change it.
However, looks like I already know the answer.
Posted by dealdomains, 09-13-2012, 02:12 AM Just started working for me.. hope everything is fine now.
Posted by breezer1981, 09-13-2012, 02:34 AM WHMCS.com is back up now for me.
Posted by MikeDVB, 09-13-2012, 02:37 AM Indeed.Quote:
Originally Posted by StevenAny type of licensing system that requires a call-home can be taken down. It doesn't matter if it's in a dozen locations.. its not hard to figure out where its calling home too....
Distributing just makes it a harder / more difficult target. It doesn't make it impossible though.
I, however, don't think their licensing server was what was under attack (honestly, those with grievances against WHMCS likely do not have grievances against WHMCS' customers). I think, if I were to speculate, that they still have the web front and licensing all on the same machine.
Posted by Steven, 09-13-2012, 02:41 AM I would love to hear how you would do a better approach. Without a call home, piracy would run rampant. People already run nulled versions, without the call home, you wouldn't even need nulled versions, just a license key generator.Quote:
Originally Posted by Master BoYes, the entire approach should be changed.
When/if their site is back up, I will ask their support whether they understand how vulnerable is current approach and whether they plan to change it.
However, looks like I already know the answer.
Posted by breezer1981, 09-13-2012, 02:50 AM I don't believe many webhosts can afford to run nulled cpanel/whmcs. You can check the licence online easily and I doubt any serious webhost would like their customers to find out they're using pirated software.Quote:
People already run nulled versions
Posted by HostXNow, 09-13-2012, 04:52 AM Solution: get an owned WHMCS license = no problem with licensing servers.
Posted by ttgt, 09-13-2012, 05:06 AM are you sure ? my license is owned and i got the issue today.Quote:
Originally Posted by HostXNowSolution: get an owned WHMCS license = no problem with licensing servers.
Posted by Master Bo, 09-13-2012, 05:14 AM Yes, I could offer/develop a better approach, based upon distributed network with both verification of a license and no known/definite IP or IPs set that could be silenced with DDoS, thus making the whole thing suspended.Quote:
Originally Posted by StevenI would love to hear how you would do a better approach. Without a call home, piracy would run rampant. People already run nulled versions, without the call home, you wouldn't even need nulled versions, just a license key generator.
All the hints were already given in the thread.
At the moment I tried several WHMCS-based client portals at hosters I have resources at - almost all still are either dead or extremely slow.
Posted by HostXNow, 09-13-2012, 05:21 AM It's also something to do with the local key. MikeDVB provided a workaround for that lasttime.Quote:
Originally Posted by ttgtare you sure ? my license is owned and i got the issue today.
Posted by HSN-Saman, 09-13-2012, 05:28 AM I've seen some , and reported them to whmcsQuote:
Originally Posted by breezer1981I don't believe many webhosts can afford to run nulled cpanel/whmcs. You can check the licence online easily and I doubt any serious webhost would like their customers to find out they're using pirated software.
-Saman
Posted by ttgt, 09-13-2012, 06:40 AM do you mean http://www.webhostingtalk.com/showpo...&postcount=172 ?Quote:
Originally Posted by HostXNowIt's also something to do with the local key. MikeDVB provided a workaround for that lasttime.
thanx
Posted by gsp4sale1, 09-13-2012, 07:12 AM Maybe this will help some questions...
The cPanel and WHMCS Partnership Announcement back in July highlights the beginning of an exciting new chapter for both companies. While we have already spent a great deal of time making sure this was going to be a good fit for us, now that this Partnership is completed, we're looking forward to whats needed most right now, and that is, support. This new Partnership between cPanel and WHMCS has had an significant impact already in that it has created additional strain on the WHMCS support system currently in place. Due to these circumstances, cPanel and WHMCS have agreed to bring in additional temporary resources from over at cPanel to help alleviate some of this additional load that we feel this new Partnership has helped to exacerbate. cPanel and WHMCS sincerely apologizes for this situation and we are working to rectify this issue. cPanel, Inc. is well known for world-class support. Our plan is to...
Date: Thu, 06 Sep 2012 14:18:50 UTC
Posted by HostXNow, 09-13-2012, 08:20 AM That's the one.Quote:
Originally Posted by ttgt
Posted by cd/home, 09-13-2012, 11:26 AM Even if you have a owned license or not it still does the calls back to WHMCS...Quote:
Originally Posted by HostXNowSolution: get an owned WHMCS license = no problem with licensing servers.
If you disable the licensedebug WHMCS will tell you to enable it again its already happened to several around here to my knowledge.
Posted by HostXNow, 09-13-2012, 11:32 AM Figured that after I posted! Just my WHMCS wasn't affected lastime or the past few days, due to the reason MikeDVB mentioned regarding the way WHMCS local key checks in/out. Guess I been quite lucky there.Quote:
Originally Posted by cd/homeEven if you have a owned license or not it still does the calls back to WHMCS...
Posted by twhiting9275, 09-13-2012, 11:50 AM The only reason yours wasn't affected was because your license hadn't been checked in, yes. This has nothing to do with 'owned' or 'leased'. Mine ran beautifully yesterday too, all day. Even during their last fiasco with them being "hijacked", like a treat. It's hit and miss, really.Quote:
Originally Posted by HostXNowFigured that after I posted! Just my WHMCS wasn't affected lastime or the past few days, due to the reason MikeDVB mentioned regarding the way WHMCS local key checks in/out. Guess I been quite lucky there.
Posted by XTremo, 09-13-2012, 01:20 PM I could do without all these WHMCS dramas....I've just managed to sort out the LicenseCube fiasco....now this!
Posted by cd/home, 09-13-2012, 01:47 PM Maybe its time they considered having separate licensing systems for "leased" & "owned"
Posted by Steven, 09-13-2012, 03:11 PM A simple packet sniff can make unknown ips known.Quote:
Originally Posted by Master BoYes, I could offer/develop a better approach, based upon distributed network with both verification of a license and no known/definite IP or IPs set that could be silenced with DDoS, thus making the whole thing suspended.
All the hints were already given in the thread.
At the moment I tried several WHMCS-based client portals at hosters I have resources at - almost all still are either dead or extremely slow.
It is impossible to do a remote call home, and have it be secure. The ip's can always be discovered.
Posted by freethought, 09-13-2012, 03:13 PM Security through obscurity is not security at all...Quote:
Originally Posted by Master BoYes, I could offer/develop a better approach, based upon distributed network with both verification of a license and no known/definite IP or IPs set that could be silenced with DDoS, thus making the whole thing suspended.
Posted by Noticed, 09-13-2012, 05:01 PM Ah, that's gotta suck. At least it's fixed now, lets just hope this isn't something recurring .Quote:
Originally Posted by XTremoI could do without all these WHMCS dramas....I've just managed to sort out the LicenseCube fiasco....now this!
Posted by MikeDVB, 09-13-2012, 06:12 PM Owned licenses still call home, unfortunately.Quote:
Originally Posted by HostXNowSolution: get an owned WHMCS license = no problem with licensing servers.Last time WHMCS had issues, someone was going around to popular providers and passing some commands to the WHMCS install that was invalidating the local cached key and, as such, disabling their WHMCS.Quote:
Originally Posted by HostXNowFigured that after I posted! Just my WHMCS wasn't affected lastime or the past few days, due to the reason MikeDVB mentioned regarding the way WHMCS local key checks in/out. Guess I been quite lucky there.
My post just showed you how to prevent that, as it was an issue at the time.
Posted by bear, 09-13-2012, 06:23 PM Since they are apparently back on line and this has strayed far off topic, closing. An outage thread is no place for this.
Add to Favourites Print this Article