** WHMCS Hosted **

Secure Virtual Enviroment

Please contact Me for more info.

-------------------------------------------
It would be hosted on servers designed for WHMCS and would hopefully give you 'rest assured, peace of mind'.

I have created a POLL to see what your response to this would be.

Thanks!

:P

I went for no as I wouldn't want to have my client details stored on another server. Also everything that you offer all hosts already have access to (as they are web hosts) so I'm not sure what the appeal would be?

Are you customising it, etc?

Adam

As Adam has already stated, this is something that really needs to be in sole control of the company that is managing it. There are clients that feel that if their data is being stored by another company, other then who they are paying, they will definitely feel that it is a breach of the Privacy Policy that should have been placed upon the original company's website.

I also think that this will cost more to set up and run, then the amount of people that will be interested in this type of hosted service. You're talking about having to pay for a server (leased or colocated), paying for a full license for WHMCS, paying extra for the dedicated IPs, and paying for those SSL certs.

Do you really think you'd have the time, knowledge, and money to start this up? Even so, I don't see the demand being very high, namely because people want to have this own their own servers, and limit the amount of access to hard copy files (MySQL databases) as well as not having to pay extra when they could utilize their own services.

I have also voted no as I agree with the others.

Interesting idea for startups perhaps, but anyone serious would already host the company data on a server they fully control and only for the company use ... IMO

I would hope that the utilization of NetBSD and other security methods wouldn't be a problem... However there are going to be issues irremediable, and those are being taken into consideration.

I anticipated that those of you whom already host WHMCS on your own infrastructure would strongly disagree against this. However, newly starting companies may benefit accordingly. I hope to see this idea merge and benefit those interested.

It's a win, win situation!

Hope that helps...

Its impossible for you to do it securely without using VPS's and still thats not completely secure. WHMCS should NEVER be hosted in a shared enviroment. AKA, other sites on on the server. Its highly irresponsible and as a client, i would be pissed if i found out my host storing my personal information/credit cards on the same server as others.

If you end up doing this, you better have air tight policies or else your going to get yourself sued by so many people if that server would get compromised.

Just been discussing this with my colleague and we both agree that:

The data protection issues to this would be extreme. Especially under UK law as technically the controller of data would be the company but the server holding the data would be a totally different controller.

Fair enough if you get hacked on your own server due to your own lack of care for Data Protection then that's your problem but if any one plans on hosting a tonne of WHMCS areas the liability could be on the doorstep of the server controller...

- and no decent host is going to turn round and agree to ToS for WHMCS hosting that says.

"Your WHMCS area is hosted on our server but we disclaim from any responsibility for loss of data, hackings or legal action taken against us for your failure to protect data appropriately under law."

Well we would hope not anyway!

Plus the central server would become a hackers target.

Instead of having many widespread servers for hackers to try and hack into let's just bring all the WHMCS Client Area's together and give them one server to hack into.

I anticipated that those of you whom already host WHMCS on your own infrastructure would strongly disagree against this. However, newly starting companies may benefit accordingly. I hope to see this idea merge and benefit those interested.

It's a win, win situation!

Hope that helps...

I'm sorry to seem negative but why would newly starting companies not just use their own infrastructure? If they are not competent in running their own billing software they sure aren't going to appear competent to run someone's site!

How exactly will this work? I have a website mydomain.com. WHMCS is installed at www.mydomain.com/whmcs. How would that redirect to the server without losing my domain?

I anticipated that those of you whom already host WHMCS on your own infrastructure would strongly disagree against this. However, newly starting companies may benefit accordingly. I hope to see this idea merge and benefit those interested.

It's a win, win situation!

Hope that helps...

I'm sorry to seem negative but why would newly starting companies not just use their own infrastructure? If they are not competent in running their own billing software they sure aren't going to appear competent to run someone's site!

How exactly will this work? I have a website mydomain.com. WHMCS is installed at www.mydomain.com/whmcs. How would that redirect to the server without losing my domain?

LOL, you might want to be careful about making the comments about other hosts that you just did and then asking a question like that. =P

They would simply direct a subdomain to an IP hosted at another host.

eNetHosts: I can see your point, about the security issues. Those would be addressed with the use of DoS protection, Firewall, IPTables etc etc. It would be a very secure framework.

onestopad: You would simply create an A name record or a CNAME depending on each individual setup.

This was primarily designed for those of you, who wanted WHMCS hosted in a secure framework. Daily backups (Which most don't do, let's be frank!), Hosted separately incase your own companies infrastructure goes down and giving you peace of mind hopefully. They were the intentions :)

Yes thanks MACsrc I know about subdomains and also how to redirect them but my questions was what if it was installed in mydomain.com/client not client.mydomain.com?

My point being that not everyone uses subdomains or wants to...

Spooked - I think you have a good point with regards to it being somewhere else if there is a problem with your own infrastructure!

SpookedOut: how would you handle the security of the mysql databases, apache, and php?

Are you still doing this SpookedOut? :lol:

While I voted no, I believe there are users out there that would want the service as they might want their support system on a server that might be up should servers experience downtime on their network. Also it seems many are resellers that have trouble getting the server admin to set up their server whereas all functions are that are needed are installed. Also problems with server updates where the new config isn't whmcs friendly and they may or may not get the server admin to fix it.

I have to agree though that it would then become a target for hackers since there would be more info stored in one location.

I also voted no, for my reason stated above.

Someone mentioned doing this as a VPS... even though in theory it may be a bit better, it is not any more secure than a secured hosting environment, let alone the fact that the VPS itself would need to be secured.

Best policy, is get your own ded server only for this. If anyone is interested in low-end servers starting at $59 that are more than powerful enough to handle WHMCS + your site and some..., feel free to PM me.

Finding the appropriate platform to host WHMCS whether its a VPS or a dedicated server, doesn't really matter. It's the way in which it's hosted, and I think that's an important factor which you have to consider, especially for those of us who depend on WHMCS and can't afford it to go down.

It's also important for active security measures, that doesn't mean to say that your servers aren't secure when they probably are. However I was going to go above and beyond to ensure maximum security, in compliance with state laws and the data protection acts.

Hope that helps!..

Tom

Nathan123: Yes I'm still doing this, regardless :) Please PM me for more information and that goes for anybody else too :)

Tom

Nathan123: Yes I'm still doing this, regardless :) Please PM me for more information and that goes for anybody else too :)

Tom


Okay, let me know some more information. :)

I noticed your site redirects to whmcs now, why? I liked your main site. 8)

Tom, I wasn't trying to offend you in any way, but I still feel strongly about what I and others have said.

Anyway, it is up to the individuals to decide, and despite the constructive criticisms, I am sure you will find quite a few interested people! Good luck!

Trine: It's understandable, no hard feelings :)

SpookedOut is redirecting to the WHMCS client area, whilst the new site undergoes re-design. It hard a dark blue/black background It was very hard to work with. Learn one thing; Don't use dark backgrounds!

:P

I just think it would be unwise for a company to rely on ANOTHER service for their central billing/support system. Especially when it's another person running it, and you would have no control if this person just decided to run off, and let it all die.

You should just consider hosting a different script, then something as personal as this.

I'm not 'running it'. The end-user/account owner is 'running it'. There are reasons as to why I'm offering an external hosted version, If you care to read previous replies you will see why.

When you say I have no control over this? I have 100% control, and I shall be suspending any accounts immedietely If they breach TOS/AUP in place without failure.

I believe that the 'WHMCS Hosted version' would in actual fact be 'securer, safer' then hosting WHMCS yourself. Here are the reasons as to why;

1. Unix based OS (not linux i.e. RHEL based, gentoo etc etc..)..
2. DoS/Firewall Protection..
3. IPTables in place..
4. Packet filtering and Network Address Translation..
5. Regular Daily backups (Please don't tell me, every WHMCS user does that!?)..

With such a small percent of servers running NetBSD, it makes it less likely that someone will discover an exploit, find a suitable target and manage to compromise it. Hopefully that will explain this concept of 'hacking attempts'.

Tom

Tom, you are in fact running it. You are managing the server(s) that the "hosted" version would be on, you are handling everything in relation to it. You disappear, the servers go down, you leave a lot of screwed and p/issed off clients.

I was talking not referencing you, in my post, but the potential clients.

So you think that your hosted version, would be much better than what other hosts have set up on their website? Seriously, this is just an idea that will not work out. It's a great idea, but for what this is dealing with, it's not essentially something that will benefit you or anyone else, especially when the majority here already has their own instances of it running.

Sure you can find potential people, but do you really think that with their own hosting available, that they are going to want some joe-schmoe to handle something as important as their central brain hub? I think not.

I'm not 'running it'. The end-user/account owner is 'running it'. There are reasons as to why I'm offering an external hosted version, If you care to read previous replies you will see why.

When you say I have no control over this? I have 100% control, and I shall be suspending any accounts immedietely If they breach TOS/AUP in place without failure.

I believe that the 'WHMCS Hosted version' would in actual fact be 'securer, safer' then hosting WHMCS yourself. Here are the reasons as to why;

1. Unix based OS (not linux i.e. RHEL based, gentoo etc etc..)..
2. DoS/Firewall Protection..
3. IPTables in place..
4. Packet filtering and Network Address Translation..
5. Regular Daily backups (Please don't tell me, every WHMCS user does that!?)..

With such a small percent of servers running NetBSD, it makes it less likely that someone will discover an exploit, find a suitable target and manage to compromise it. Hopefully that will explain this concept of 'hacking attempts'.

Tom

Again,

Tell me how your going to handle the security of php and apache. i can almost guarantee that i can hack all the other accounts if i had an account on your server. This is why i think its a horrible idea to ever put whmcs on a server where other people are hosting on it as well.

'joe-schmoe' not sure what your trying to imply there. In addition to this statement, I have great knowledge in security, especially for NetBSD based systems. That provides me with the confidence I need In order to power this.

If the servers let's say were to go down, the following procedure would be followed;

1. Instant SMS message.
2. Failure to respond to the SMS message sent, a engineer from the data center will call.
3. If call is not answered, the server is either rebooted or necessary action is taken to eradicate the issue.

If they don't follow the following procedure they have hell to pay, period.

Hope that helps.

I'm not 'running it'. The end-user/account owner is 'running it'. There are reasons as to why I'm offering an external hosted version, If you care to read previous replies you will see why.

When you say I have no control over this? I have 100% control, and I shall be suspending any accounts immedietely If they breach TOS/AUP in place without failure.

I believe that the 'WHMCS Hosted version' would in actual fact be 'securer, safer' then hosting WHMCS yourself. Here are the reasons as to why;

1. Unix based OS (not linux i.e. RHEL based, gentoo etc etc..)..
2. DoS/Firewall Protection..
3. IPTables in place..
4. Packet filtering and Network Address Translation..
5. Regular Daily backups (Please don't tell me, every WHMCS user does that!?)..

With such a small percent of servers running NetBSD, it makes it less likely that someone will discover an exploit, find a suitable target and manage to compromise it. Hopefully that will explain this concept of 'hacking attempts'.

Tom

Again,

Tell me how your going to handle the security of php and apache. i can almost guarantee that i can hack all the other accounts if i had an account on your server. This is why i think its a horrible idea to ever put whmcs on a server where other people are hosting on it as well.

You would not be able to access anybody else's WHMCS account then your own designated account. If you were found to do such a thing.. You would be removed from the system immedietely.

Apache, MySQL and PHP are 'hackable' regardless of whether all the WHMCS are hosted on the same server. A TELNET script is actually in place, which prevents you accessing things you shouldn't be accessing.

'joe-schmoe' not sure what your trying to imply there. In addition to this statement, I have great knowledge in security, especially for NetBSD based systems. That provides me with the confidence I need In order to power this.

If the servers let's say were to go down, the following procedure would be followed;

1. Instant SMS message.
2. Failure to respond to the SMS message sent, a engineer from the data center will call.
3. If call is not answered, the server is either rebooted or necessary action is taken to eradicate the issue.

If they don't follow the following procedure they have hell to pay, period.

Hope that helps.

Truth be told, you are a joe-schmoe. Noone knows who you are, what you've done, if you're trustworthy, or if you even know what you're talking about here. I would never buy from you for the soul fact that from some posts, you speak as if though you know what you're talking about, when you don't. Not only that, but as something as sensitive as this is, I would never go with it when there's nothing reputable you have already done to back this up.

And when I said the servers go down, I'm talking about the worst case scenerio when you back out of it and let everything die. I'm not talking about "server downtime." I'm talking about you abandoning, and shutting it all down, taking people's money, and running from it.

I'm not saying you WILL do that, but it MIGHT happen. I've seen it happen before.

I just think that this idea is just destined to go nowhere, and no matter what you try to justify security with, it's just not an idea to use with WHMCS.

I'm afraid all web hosting companies have that issue. If hardware was to fail, system backups which were took earlier that day or whenever would be loaded from the 'backup hardrive'.

We have established certain hardware setups to prevent this from happening. However if all is to fail, the above is usually the last option.

Just to clarify, I would never 'run away' and leave customers. I don't do this 'fly by night' business style or the such in reply to your question Jordan.

You would not be able to access anybody else's WHMCS account then your own designated account. If you were found to do such a thing.. You would be removed from the system immedietely.

Apache, MySQL and PHP are 'hackable' regardless of whether all the WHMCS are hosted on the same server. A TELNET script is actually in place, which prevents you accessing things you shouldn't be accessing.

You would be surprised. It actually makes a huge difference if the user is already on the server or not. HUGE difference.

Also, the policy about removing someone that was doing things that shouldnt is not useful as the harm would have already been done.

You would not be able to access anybody else's WHMCS account then your own designated account. If you were found to do such a thing.. You would be removed from the system immedietely.

Apache, MySQL and PHP are 'hackable' regardless of whether all the WHMCS are hosted on the same server. A TELNET script is actually in place, which prevents you accessing things you shouldn't be accessing.

You would be surprised. Also, the policy about removing someone that was doing things that shouldnt is not useful as the harm would have already been done.

The particular servers would be monitored virtually 24/7, the end-user/account owner would not be able to execute anything which would jeopardize the server. If this were to happen, which I very much doubt god forbid.

Just out of question.. Who hosts there WHMCS on the NetBSD OS. I think you will find nobody does.

I'm afraid all web hosting companies have that issue. If hardware was to fail, system backups which were took earlier that day or whenever would be loaded from the 'backup hardrive'.

We have established certain hardware setups to prevent this from happening. However if all is to fail, the above is usually the last option.

Just to clarify, I would never 'run away' and leave customers. I don't do this 'fly by night' business style or the such in reply to your question Jordan.

At this point, I'm not even going to try to justify your opinion with my own, etc etc.

we run a few bsd (netbsd and freebsd) boxes as well as sun solaris ;)

Just because they are a bsd-based *nix, doesn't mean they are unhackable ;)

Also, in regards to:
>> Unix based OS (not linux i.e. RHEL based, gentoo etc etc..)..
netBSD is a unix-like *linux* based OS

we run a few bsd (netbsd and freebsd) boxes as well as sun solaris ;)

Just because they are a bsd-based *nix, doesn't mean they are unhackable ;)

You may be the only 1 of about 7 who do that. Most people host there WHMCS on the shared cPanel web hosting server, probably running some RHEL based OS. Now that's just something I wouldn't do *personally*.

I have removed the POLL and continue to hear your constructive comments and nothing rude or offensive for that matter.

I, speaking for myself, are not trying to be rude or offensive. As before, I think your idea is nice for startups, but if it's any more secure than any other shared environment is what most are debating here.

My suggestion is just go ahead with it. There will definitely be people that express interest in exactly this sort of thing.

Like I have already told somebody, this was created for personal/educational purposes to get an understanding of the demand and to see what the WHMCS community thought, never was it formed to create a flame-war.

NetBSD is a UNIX based OS, but does share Linux attributes your correct there.

Personally If SpookedOut could *prove* that a hosted version of WHMCS on his servers would be more secure than a version on one of my servers then I would be all up for this.

MACscr, you say that you could hack another account on the server, if SpookedOut would agree to it why doesnt he set up a server exactly how the server would be set up if he was hosting WHMCS on it now and he lets you try. If you are sucessfull then SpookedOut will have to think again on his security.

Jordan, by your defination of a "Joe-Schmoe" that would make Matt a "Joe-Schmoe" yet you are using a program that Matt has developed.

This is only my 2p so take it as you want.

Paul

Paul, I would agree with that comment, but by the time I came to whmcs a year ago, Matt had a reputable base of clients to base my decision on why I came here.

The same could be said for any business that I go with; I base my decision on previous/current customers, reviews, and what I've seen elsewhere.

Right now Spooked IS just a joe-schmoe, as I'm just a joe-schmoe to others. I'm not trying to say he's the only joe-schmoe, ever.

For me to setup a server and let MACsr try and attack it, would not be professional act and certinely something I would not even consider. That would be illegal, considering the server is located in the US.

Closing thread.

Thanks for your input.