penguin

That's right - there are no changes in the templates between these versions

I would highly recommend that you secure that - port 3306 is normally disabled in firewalls for a very specific reason. If you need access in this manner, only open it up to your own IP address unless you eventually want your client information to be exposed to someone!

Hi Paul, welcome to the community. What issues specifically are you having?

I'm not a developer myself hence wouldn't look at selling it as it's not a clean enough product for that, but it's not that difficult to implement, especially if you're only wanting to control one switch. My module has multiple switch and APC support across many racks so a single switch will be far easier to do. I started off with the example provisioning module here: https://github.com/WHMCS/sample-provisioning-module You can effectively modify and build on this and just add the SNMP commands in the suspend, unsuspend sections, etc to control your switch ports.

I've written one that interfaces with our switches (although not Cisco the principal is the same) and APCs via SNMP - switchport control works well and is also linked to product suspensions so the switch port is dropped on a server is payment is overdue. It's very much a custom module designed for our own specific needs, but if you get really stuck I can probably help out with something or give some guidance on how to put one together.

You would normally redirect to the hostname of the server or otherwise the user will get an SSL warning as the certificate will not match the url or IP address that you are redirecting them to. WHM itself also has redirect settings in the tweak settings section and will normally redirect to the hostname as well from there, so even accessing it by it's IP address it will then redirect to the SSL secured hostname

You need the Configurable Package Addon in order to be able to automatically provision IP addresses: https://docs.whmcs.com/Configurable_Package_Addon https://marketplace.whmcs.com/product/30

cPanel passwords are visible in plain text under the username field when viewing the product details, which is where I assume the issue has arisen from. My previous comment still stands though - someone shouldn't have got that far anyway so the root cause of that access needs to be determined.

> How can this be prevented in future? My question would be how was your WHMCS installation compromised? If they had access to either your database or WHMCS admin access then encrypted passwords is the least of your worries as you would still have full access to everything else - an encrypted password with an WHMCS admin exploit would still allow someone access to the hosting accounts via single sign on, password reset, etc. You need to determine how this happened from a WHMCS perspective and secure this accordingly.

Have you checked the time on your server? This needs to be synchronised with a time server as drift will cause this to fail, being time based tokens

WHMCS have come back to me regarding this and there is now a case CORE-12285 regarding this issue. They have suggested in the meantime creating a dummy £0.00 invoice to prevent clients from being deleted, however this isn't practical for general use as it would be confusing for customers having a zero priced invoice created and also it would mean tracking these as and when they sign up.

We've been testing the new "Automatically Delete Inactive Clients" function that was implemented as part of the GDPR enhancements to automatically remove clients who did not have an invoice within a defined number of months. An issue has been noted however in that if a ne customer registers an account yet does not order immediately, when the cron runs their account is deleted as they have no invoice generated within the number of months specified. I've opened a ticket with WHMCS asking for clarification on the logic surrounding the deletion process to better understand this. If you are using this function and have any customers that have either not placed an order, or maybe use an account for support tickets only then there is a good chance they are going to be deleted so please be aware until further clarification has been given by WHMCS. If this is the case, I'd be interested to see what others think should be used to enhance this - should it look at tickets or logins within the same timeframe or have a separate timeframe for these? It certainly doesn't look good if a new customer opens an account and then hours later they are deleted because they haven't ordered.

You mention that this is in light of GDPR, however since this has been implemented it has effectively made Whois privacy as a service worthless as whois details are now hidden automatically and at no cost to the registrant

Yes, this was omitted from the upgrade. If you download the full package you can just upload that separately

It's because they are not passing a user agent with the curl request and so this blocks it. A simple fix but nothing from them for this yet