Shared Hosting
Shared HostingKnowledgebase
Portal Home > Knowledgebase > Industry Announcements > Web Hosting Main Forums > Providers and Network Outages and Updates > WHMCS.com down [DOS]
WHMCS.com down [DOS]
 |
 |
 |
Posted by livetecs-hosting, 09-12-2012, 02:59 PM I just tried to login in WHMCS portal but neither portal nor websites are loading. Downforeveryoneorjustme.com also showing WHMCS as down.
http://www.downforeveryoneorjustme.com/www.whmcs.com
Posted by Askforhost-AJ, 09-12-2012, 03:02 PM Seemed to be down. But i don't think they are hacked. Maybe Network error or something.
Posted by Serverfruit-Kris, 09-12-2012, 03:05 PM They're indeed down, but I wouldn't just assume that they were hacked... There are a million and one possibilites why it could be down.
Posted by (Stephen), 09-12-2012, 03:08 PM interesting, their DNS is pointing directly to Cpanel's IPs...
Posted by Noticed, 09-12-2012, 03:12 PM Ahhh, not again .
But I agree with others they probably weren't hacked again, just unexpected downtime.
Does anyone else get this when viewing cPanel.com "Error establishing a database connection"?
Posted by ~Lee~, 09-12-2012, 03:15 PM
Posted by UnderHost, 09-12-2012, 03:16 PM There some topics "tangodown" on Twitter from hacktivist, might be the cause and also why cPanel website have some issue.
Posted by Eased, 09-12-2012, 03:26 PM
Posted by htb, 09-12-2012, 03:27 PM yes up and down here
Posted by matador, 09-12-2012, 03:27 PM I don't get how a company can be down like this...
Apart from it affecting their business, etc.. it affects current customers.
I'm on here because I cannot get into Admin interface due to WHMCS complaining its been unable to verify the licence for a few days.
Probably wouldnt be much to put that check licence script on a seperate "cloud" infrastructure, so it could atleast check current clients.
Here's hoping,
Posted by Serverfruit-Kris, 09-12-2012, 03:28 PM
But I agree with others they probably weren't hacked again, just unexpected downtime.
Does anyone else get this when viewing cPanel.com "Error establishing a database connection"?
Posted by Noticed, 09-12-2012, 03:28 PM
Posted by Eased, 09-12-2012, 03:30 PM
http://www.webhostingtalk.com/showthread.php?t=1170039
Posted by saqibnpt, 09-12-2012, 03:50 PM
Apart from it affecting their business, etc.. it affects current customers.
I'm on here because I cannot get into Admin interface due to WHMCS complaining its been unable to verify the licence for a few days.
Probably wouldnt be much to put that check licence script on a seperate "cloud" infrastructure, so it could atleast check current clients.
Here's hoping,
WHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
If you need assistance, email licensing@whmcs.com.
am also getting same error when we try to login admin panel.
any other person facing this issue in admin area?
Posted by Dan_EZPZ, 09-12-2012, 03:54 PM http://twitter.com/cPanel/status/245960438150479872
Posted by saqibnpt, 09-12-2012, 03:56 PM whmcs.com completely down from every location in the world.
check it via host-tracker .com
Posted by hostgj, 09-12-2012, 04:00 PM whmcs is down again
This is really frustrating because it is not possible to enter admin in whmcs
Posted by abertina, 09-12-2012, 04:26 PM Hi
what happened to WHMCS.com?
it about 1 hour that my whmcs license is invalid and it shows me
License Noconnection
unfortunately whmcs.com is down too and i can't contact them.
Posted by nickia, 09-12-2012, 04:38 PM Down here. I run a company much smaller than WHMCS and have better contingency system than WHMCS. At bare minimum and elementary, you need to have multiple servers at different location doing the license check.
This is incredible.
Posted by httpEasy, 09-12-2012, 04:42 PM Feeling with those who depend on their license server. Hopefully they have an excuse that's less lame than the last one (or the one GD came up with after thinking hard for a day).
Posted by htb, 09-12-2012, 04:43 PM i got that right now License Noconnection
Posted by CW Mike, 09-12-2012, 04:44 PM https://www.facebook.com/whmcsfans They've got network issues.Quote:
We are experiencing network issues with our website and ticket system. Our system admin are working hard to resolve.
Posted by OzarkTechPC, 09-12-2012, 04:44 PM
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
If you need assistance, email licensing@whmcs.com.
am also getting same error when we try to login admin panel.
any other person facing this issue in admin area?
WHMCS is down for me also. Can't access my admin area either.
Posted by CW Mike, 09-12-2012, 04:47 PM
Posted by Shyuan, 09-12-2012, 05:04 PM Me too, can't access whmcs.com.
Posted by MACH9Servers, 09-12-2012, 05:04 PM
Posted by httpEasy, 09-12-2012, 05:09 PM The empire strikes back: WHMCS IP monitors report several servers down...luckily they aren't.
Posted by CW Mike, 09-12-2012, 05:11 PM
Posted by localhost-ca, 09-12-2012, 05:15 PM Appears down for me too at the moment. Was working around an hour ago though.
Posted by freethought, 09-12-2012, 05:18 PM It looks like the cPanel/WHMCS IP block 208.74.120.0/24 which the WHMCS.com web-site is on (208.74.120.227) isn't being announced at the moment, although other blocks from their 208.74.120.0/21 allocation are fine (all announced as separate /24 prefixes for some reason).
From about 19:15 to 20:45 (UK time) there was a lot of route instability for 208.74.120.0/24, which culminated in the prefix being withdrawn. I wonder if they have annoyed someone with their decision to suspend all of the LicenseCube issued WHMCS licenses and are now under DDoS so have withdrawn the affected /24 in order to restore service to the rest of the cPanel network?
Posted by breezer1981, 09-12-2012, 05:21 PM I confirm their website is still down. Godaddy, WHMCS who's next?
Posted by httpEasy, 09-12-2012, 05:22 PM See here: http://www.webhostingtalk.com/showthread.php?t=1191333
Posted by Netxons, 09-12-2012, 05:26 PM
License Noconnection
WHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
If you need assistance, email licensing@whmcs.com.
Posted by breezer1981, 09-12-2012, 05:29 PM I really hope they're not hacked, not again... Some mysterious downtime from Godaddy yesterday - cPanel/WHMCS today... just a coincidence?
Posted by jrianto, 09-12-2012, 05:30 PM Yes, it is still down now.
Posted by ttgt, 09-12-2012, 05:33 PM i also can not access my admin area,hope it is safe..
Posted by Netxons, 09-12-2012, 05:35 PM The down time is more than 2 hrs now... That seem unacceptable.
Posted by htb, 09-12-2012, 05:37 PM
Posted by MoovIt, 09-12-2012, 05:54 PM I'm able to access my whmcs admin, so whmcs.com should be up soon hopefully.
Posted by UnderHost, 09-12-2012, 05:56 PM
Posted by Netxons, 09-12-2012, 06:00 PM http://just-ping.com/index.php?vh=ww...928&vhost=_&c=
Really hope they can resolved soon.
Posted by cd/home, 09-12-2012, 06:15 PM This is really becoming a problem with the issues which keep happening time upon time, I think its time WHMCS sorted them self's out I really do.
Their business is high risk so additional protection should already be in place because of this.
Posted by Keiro, 09-12-2012, 06:24 PM ... Fortunately, I didn't encounter license issues.
However, their repeated issues are causing huge problems for us. I'm thinking it's time for me to ask for a source copy of their billing system and sign an NDA so we can have a copy and patch it ourselves without having to wait for them to provide fixes. :|
(That and having the source copy and being able to strip out what we don't need would make it very awesome for us.)
I've heard reports of others having source copies of WHMCS and signed an NDA regarding it.
... Shame there isn't a copy of it floating about. >_>
Posted by CW Mike, 09-12-2012, 06:31 PM
However, their repeated issues are causing huge problems for us. I'm thinking it's time for me to ask for a source copy of their billing system and sign an NDA so we can have a copy and patch it ourselves without having to wait for them to provide fixes. :|
(That and having the source copy and being able to strip out what we don't need would make it very awesome for us.)
I've heard reports of others having source copies of WHMCS and signed an NDA regarding it.
... Shame there isn't a copy of it floating about. >_>
https://www.facebook.com/cpanel
Posted by WHMCS-Matt, 09-12-2012, 06:31 PM We are currently experiencing an outage due to a DDOS attack which is ongoing at this time. Our network admins are in the process of mitigating it.
The licensing system used in WHMCS will mean this outage has no impact on WHMCS installations providing a valid local key is present.
Matt
Posted by CW Mike, 09-12-2012, 06:36 PM
The licensing system used in WHMCS will mean this outage has no impact on WHMCS installations providing a valid local key is present.
Matt
Posted by Lost Eagle, 09-12-2012, 06:37 PM Yup ... down too
Posted by MoovIt, 09-12-2012, 06:39 PM Thanks for the news Matt
Posted by mixmox, 09-12-2012, 06:40 PM WHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
If you need assistance, email licensing@whmcs.com.
Posted by Keiro, 09-12-2012, 06:49 PM
https://www.facebook.com/cpanel
1. To strip out the stupid license checker so as to not have to deal with that issue at all. I mean, yes, the local cached license is all well and good, but I don't see the point of doing a license check repeatedly for an owned license.
I have one, and I laughed when WHMCS told me to re-enable the ability for them to do licensedebug on our install. I said hell no, I'm not revealing our WHMCS install site so malicious users can attempt to get into it and the like.
Our message when people do licensedebug on our install tells them to check instead at WHMCS's license checker to see that we do have a valid license. Beyond that, I'm not having our install provide what version and what license we're using.
2. Strip out anything we don't need in WHMCS and provide patches internally and externally when and if we come across bugs that're crippling and/or security bugs.
Posted by CW Mike, 09-12-2012, 07:08 PM
1. To strip out the stupid license checker so as to not have to deal with that issue at all. I mean, yes, the local cached license is all well and good, but I don't see the point of doing a license check repeatedly for an owned license.
I have one, and I laughed when WHMCS told me to re-enable the ability for them to do licensedebug on our install. I said hell no, I'm not revealing our WHMCS install site so malicious users can attempt to get into it and the like.
Our message when people do licensedebug on our install tells them to check instead at WHMCS's license checker to see that we do have a valid license. Beyond that, I'm not having our install provide what version and what license we're using.
2. Strip out anything we don't need in WHMCS and provide patches internally and externally when and if we come across bugs that're crippling and/or security bugs.
Posted by MoovIt, 09-12-2012, 07:12 PM Yes please tell as my licence is now down.
Posted by phez, 09-12-2012, 07:41 PM
The licensing system used in WHMCS will mean this outage has no impact on WHMCS installations providing a valid local key is present.
Matt
I get this "WHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
If you need assistance, email licensing@whmcs.com"
Posted by dareORdie, 09-12-2012, 07:46 PM Hello,
It's down for me too...I think there might be some network issue.
Posted by Xenus, 09-12-2012, 07:50 PM We are all in the same situation.
Hope they'll get fixed soon.
Posted by Simplex-Ed, 09-12-2012, 07:52 PM Annoying. We're currently dealing with a surge of customer tickets and can't access our WHMCS due to the licensing problem.
Sort it out, WHMCS.
Posted by oneawesomeguy, 09-12-2012, 07:54 PM WHMCS should hire a network security expert so we stop having these types of problems every few months...
Posted by Coolraul, 09-12-2012, 08:04 PM
1. To strip out the stupid license checker so as to not have to deal with that issue at all. I mean, yes, the local cached license is all well and good, but I don't see the point of doing a license check repeatedly for an owned license.
I have one, and I laughed when WHMCS told me to re-enable the ability for them to do licensedebug on our install. I said hell no, I'm not revealing our WHMCS install site so malicious users can attempt to get into it and the like.
Our message when people do licensedebug on our install tells them to check instead at WHMCS's license checker to see that we do have a valid license. Beyond that, I'm not having our install provide what version and what license we're using.
2. Strip out anything we don't need in WHMCS and provide patches internally and externally when and if we come across bugs that're crippling and/or security bugs.
If their license system is alive and operating and you can get in, I don't see your issue.
Good luck WHMCS ... DDOS is no fun.
Posted by Simplex-Ed, 09-12-2012, 08:07 PM
If their license system is alive and operating and you can get in, I don't see your issue.
Good luck WHMCS ... DDOS is no fun.
Posted by Coolraul, 09-12-2012, 08:10 PM Sorry Ed I know I just thought Kerio said he wasn't affected.
I wonder if Matt knows the license system is broken ??
Posted by twhiting9275, 09-12-2012, 08:11 PM Still down from here.
Hey, Matt, maybe it's time you moved to a professional hosting company instead of cheaping out. You know, one that has real security and protection.
Posted by Simplex-Ed, 09-12-2012, 08:14 PM
I wonder if Matt knows the license system is broken ??
This is a horrible feeling for a hosting company. Being able to see a customer requesting assistance but not being able to do anything.
Posted by twhiting9275, 09-12-2012, 08:16 PM Have you tried replying to the ticket via email? I thought Matt said that was supposed to be possible during things like this.
It is, indeed an entirely unacceptable situation, unfortunately not the first time this has happened.
Posted by Hoosier Mike, 09-12-2012, 08:17 PM What happened to the promise of you'll no longer be keeping all the eggs in one basket you made Matt after you were hacked/reverse engineered. A solution needs to come soon. Both, us as your client and our clients rely on WHMCS..
Posted by sol2010, 09-12-2012, 08:18 PM I also have the "your license is invalid" issue. What the heck to do now? Can't access admin... Can't believe this is happening again and nothing on WHMCS twitter ?
Anyone know the latest?
Posted by twhiting9275, 09-12-2012, 08:19 PM
Posted by Simplex-Ed, 09-12-2012, 08:21 PM
It is, indeed an entirely unacceptable situation, unfortunately not the first time this has happened.
Posted by cd/home, 09-12-2012, 08:33 PM
I felt like I gave WHMCS a second chance last time but this time my options are now open for a different platform for us to use.
Ive had a ticket opened with them about the recurring Paypal callback issues we are having still no response its been around 1 week now...
WHMCS it's time to change or time to face loosing your customer base.
Regards,
Posted by sol2010, 09-12-2012, 08:33 PM Is there any way at all to disable the license check as a temporary measure ? Any one have any hacks?
I could live with it if my system was up and running, but this is totally unacceptable and having a major impact on my business.
All was fine yesterday - but today I get the dreaded admin lock-out due to license issue.
Time to look for an alternative.
Posted by Simplex-Ed, 09-12-2012, 08:37 PM
I felt like I gave WHMCS a second chance last time but this time my options are now open for a different platform for us to use.
Ive had a ticket opened with them about the recurring Paypal callback issues we are having still no response its been around 1 week now...
WHMCS it's time to change or time to face loosing your customer base.
Regards,
That kind of money can afford something robust and reliable.
Posted by cd/home, 09-12-2012, 08:39 PM
That kind of money can afford something robust and reliable.
Infact they could have their own hardened network, failover licensing system and a load of other treats with the money they have floating around
Posted by MikeDVB, 09-12-2012, 08:52 PM Whether or not the local license will allow you to get in, depends entirely whether or not it was done recently.
If I'm not mistaken, it's good for 7 days (could be a shorter term, I forget) and during those 7 days it does not re-verify your license, presumably to lighten the load on the licensing server. So if you just expired and checked-in you could be good for 7 days. If your license was last validated Wednesday of last week, you're about to be hosed, if you aren't already.
IMHO, there are two solutions to this that are complimentary to each other:
- Have the software check in every day, and then cache that for 7 days. This gives *everybody* a 7 day window should issues happen with the licensing server and not just those who happened to expire+check in just before the issue.
- Distribute the licensing servers - don't rely upon one in a single facility and on a single network. Distribute it out to at least 3 geographically unique locations. Being able to take down every WHMCS installation in the world by taking out a single server or even a single network is ... way too easy at this point.
With as much as WHMCS and cPanel surely make in revenue, there is NO reason they cannot distribute their licensing servers as well as handle the additional load from more regular license check-ins. The additional cost incurred by making these changes wouldn't even qualify as a drop in the bucket.
Posted by twhiting9275, 09-12-2012, 08:55 PM I have to agree, distributed systems are the best option here. That's why professionals rely on multiple servers across multiple networks for this kind of stuff
Posted by hungoverfurball, 09-12-2012, 09:04 PM I dont care about the whmcs site, i don't care about the ticket system, All i care about is the license system. Not having the ability to do anything in the admin side of whmcs is just a bit ridiculous.
I really wish companies like whmcs could be held accountable for cancellations and loss of money as a result of things like this :/ maybe it would spur them to fix the stuff a lot faster if they were.
I do find it a little ridiculous that a person can ddos one server and take down all whmcs installations......
Posted by phez, 09-12-2012, 09:04 PM Having just started using this software for the past few months, I am completely annoyed that I have to pay my webdevs to sit around and do nothing while WHMCS take their sweet time to solve an issue that has seemed to occurred multiple times in the past.
... anyone looking at the alternatives and how good are they?
Posted by cd/home, 09-12-2012, 09:08 PM
Hostbill looks good but it means folking out another $300-$1,000 for their license.
When WHMCS "works" it works very well and serves our needs to a tee but when issues happen like this it seems to undo those famous words "doing us well" and turns them to "sending us to hell"
Regards,
Posted by twhiting9275, 09-12-2012, 09:10 PM
The only way to do this is to hold them accountable personally. Vote with your $$$THAT is all you. You don't HAVE to have your devs work right now, simply tell them to come backQuote:
Posted by CW Mike, 09-12-2012, 09:10 PM
I felt like I gave WHMCS a second chance last time but this time my options are now open for a different platform for us to use.
Ive had a ticket opened with them about the recurring Paypal callback issues we are having still no response its been around 1 week now...
WHMCS it's time to change or time to face loosing your customer base.
Regards,
All WHMCS needs to do now is work on a cluster like cPanel's DNS Clustering system.
4 different Servers in different DC (Like Cloudflare) and cluster it, so if one goes down, the servers still working. Or maybe they should move to OnApp with the clouds.
Posted by MoovIt, 09-12-2012, 09:10 PM
If I'm not mistaken, it's good for 7 days (could be a shorter term, I forget) and during those 7 days it does not re-verify your license, presumably to lighten the load on the licensing server. So if you just expired and checked-in you could be good for 7 days. If your license was last validated Wednesday of last week, you're about to be hosed, if you aren't already.
IMHO, there are two solutions to this that are complimentary to each other:
- Have the software check in every day, and then cache that for 7 days. This gives *everybody* a 7 day window should issues happen with the licensing server and not just those who happened to expire+check in just before the issue.
- Distribute the licensing servers - don't rely upon one in a single facility and on a single network. Distribute it out to at least 3 geographically unique locations. Being able to take down every WHMCS installation in the world by taking out a single server or even a single network is ... way too easy at this point.
With as much as WHMCS and cPanel surely make in revenue, there is NO reason they cannot distribute their licensing servers as well as handle the additional load from more regular license check-ins. The additional cost incurred by making these changes wouldn't even qualify as a drop in the bucket.
WHMCS needs to get with the times and spend some money on a decent solution so this does not happen again, if not allot of us will go elsewhere as we cant afford to lose access to our Admin every time the licencing server falls over!
Please invest some of the money we invest in WHMCS back into a reliable solution that works for all hosts around the world and has redundancy and security built in so this never happens again.
Posted by phez, 09-12-2012, 09:14 PM
Posted by marcacer, 09-12-2012, 09:15 PM When we login admin we get:
License Noconnection
WHMCS has not been able to verify your license for the last few days.
To access your WHMCS Admin Area again, first the license needs to be verified. So please check & ensure that you don't have any firewall or other rules blocking outgoing connections to our website.
How can be solve this??? I have this license over 2 years now and paid all my bills. why can't I login? Is your license server down? We never had this issue and since today this message. I need to login!!
Posted by ttgt, 09-12-2012, 09:17 PM why there is no whmcs staff find the thread and reply us
Posted by MikeDVB, 09-12-2012, 09:20 PM
All of you who are upset that your helpdesk is offline - don't think WHMCS isn't trying to get back online. It hurts your business for them to be offline, it hurts their business as well. They're surely not sitting around going, "Oh, we'll bring it all back online tomorrow sometime... For now, let's relax."
I understand the frustration / anger / etc (trust me, I really do) - but WHMCS and their licensing servers will be back as soon as they can get them back online and, unfortunately, not a moment sooner.
Posted by Branzone, 09-12-2012, 09:47 PM They should really just store the valid hostname in each whmcs local database and if it doesn't match the hostname being used throw errors. Especially for OWNED licenses this is pretty ridiculous.
Posted by wtfpict, 09-12-2012, 09:52 PM <<snipped>>
i'm still looking now for alternate, just in case this outage takes much longer, another option is replace WHMCS with other billing software which having importing / migrating tools from whmcs.
Posted by Master Bo, 09-12-2012, 09:52 PM Looks like the single point of failure for WHMCS (licensing server(s)) has been proved a good target for attacks and will be exploited on regular basis.
Unless the licensing checks techniques isn't significantly changed to make the whole product more or less immune against DDoSing well-known servers, the losses for many a hoster will be significant.
Not meaning to tease anyone (I am a customer who also senses the consequences of the outage), but looks like it's time to change something in the whole approach.
Posted by phez, 09-12-2012, 09:55 PM OK, were back!
Up for me, logged in.
Posted by MikeDVB, 09-12-2012, 09:55 PM
Any paying customers that are experiencing issues now, ultimately, can blame those issues on the countless thieves that would steal WHMCS's hard work and use it for free and/or distribute it without even batting an eyelash.
On a similar note we can blame all of the spammers out there for legitimate messages ending up in 'spam' boxes, RBLs, SPF and DKIM, etc...
We live in a dishonest world filled with malicious people. Those of us that abide the law, agreements, contracts, and pay for things always suffer the consequences.
Another example is DRM that keeps me from burning a movie (that I have rights to by purchasing it) from iTunes onto a DVD - for example. Does this stop somebody who plans on distributing this content from breaking the DRM and making it available? No... But it does keep the average user from doing things they should be able to do.
If only we could wake up tomorrow and thievery wouldn't exist - there would be no need for licensing servers, license checks, etc.
Until we do wake up in that utopia lacking theft - we'll have to deal with issues such as these. It doesn't only affect WHMCS, it affects any software that checks in regularly to make sure there is a valid license - although WHMCS is a fairly big target and they exacerbate the issue by not maintaining redundant licensing servers.
Posted by Keiro, 09-12-2012, 09:57 PM
If their license system is alive and operating and you can get in, I don't see your issue.
Good luck WHMCS ... DDOS is no fun.
My issue is simply thus - WHMCS's inability to have a fistributed licensing server platform. Too many times this has crippled us. I dislike being at the mercy of the single licensing server.
Someone said they wanted to remove the license-checker... I don't know how. I DO know how to prevent people from discovering the install location from licensedebug.
If I knew how to remove the ping-back to the licending server after having paid $300+ for this, mods and all, I'd do it so our system isn't a hostage to the single licensing server they've got right now.
WHMCS knows better. It should've had this problem fixed ages ago. It did not.
NO EXCUSES FOR IT NOT TO!
That said - DDoSes are no fun, agreed.
Posted by ttgt, 09-12-2012, 10:02 PM i can access my admin area now.
Posted by Master Bo, 09-12-2012, 10:11 PM
Any paying customers that are experiencing issues now, ultimately, can blame those issues on the countless thieves that would steal WHMCS's hard work and use it for free and/or distribute it without even batting an eyelash.
The fundamental flaw in the licensing architecture resulted in endless situations like this one. After the first attack on the licensing servers it should become clear the whole model is flawed.
Also, it isn't that extremely hard to make the whole application better protected from an average 'hacker' (nothing can save you from an expert, unless you make a piece of software that would cost 2-3 orders of magnitude more.
The blame is all WHMCS'. The flaws in architecture made the piece of software easy to crack and easy to suspend existing installations.
The sooner the developers of it understand the fact and change the underlying approach, the better. It won't cost them that awfully much.
Posted by MikeDVB, 09-12-2012, 10:18 PM
. Even if it did exist, say, to track monthly leased licenses - it wouldn't apply to owned licenses in such a world.
I don't agree that there is a flaw with the licensing system, and I pointed it out in my first post in this thread where I made two suggestions that would prevent this issue in the future. My point is that if theft/piracy didn't exist, the flawed licensing system wouldn't exist, and none of this would ever have happened.Quote:
Just as if humans never existed, WHMCS would have never existed, nobody would have ever pirated WHMCS, and the licensing system would never have existedUltimately, on some level, PHP has to be parsed by the interpreter. This means that the code has to be passed to the interpreter in a format that it can understand.Quote:
Until WHMCS isn't run on PHP, there is going to be no way to protect it from anybody but the common individual. I don't consider myself an expert, but decoding IonCube is not that hard. I know, because I used to develop software myself and had to reverse the decode on some of my software due to catastrophic data loss that was entirely my fault.I'm not saying WHMCS isn't at fault for this issue, but that if the world were a better place the situation for the issue to have existed wouldn't exist.Quote:
I think you're taking my post, that you quoted some from, as saying that we shouldn't blame WHMCS. I'm not saying that, but simply saying that the flawed licensing system is a result of issues that, in an ideal world, wouldn't exist.
Hopefully, this time around, they learn from the issue and set up geo-distributed licensing servers.
Since cPanel has stake in WHMCS, I'll make sure to bring this up at the cPanel conference next month.
Posted by mehrdadabed, 09-12-2012, 10:41 PM Seems that WHMCS is back online again,
We've already experienced heavy ddos attacks so we understand how destructive they could be, but all of us expect WHMCS as a considerable company in its field to resist against such attacks or at least change its licensing algorithm and prevent admin panel unavailability for legal users.
Good luck,
Posted by Master Bo, 09-12-2012, 10:44 PM With you permit, I simply omit the informationless parts of your response, to save my time. I am saying you switched the reason with the consequences.Quote:
The piracy was, is and will be. It's not an excuse for bad architecture.
Trying to move all the responsibility onto criminals means to openly admit one's inability to build a reliable software.If the DDoS on licensing servers is enough to efficiently suspend all legitimate WHCMS installations from normal operations, it IS the flaw. End of story.Quote:
Apart from encoding, there are many a technique to make the cracking close to useless. But it requires valid architecture - in this case, if there are license servers crucial for this to work - the whole approach can be defeated by a single DDoS attack.If I am a paying customer whose business is at stake, I do not care how and why, but I need my piece of legally bought software to work without interruptions.Quote:
Once again: it is possible to achieve and make the whole approach almost 100% immune to any type of DDoS, without huge investment in development. All the required ideas and their implementation are already available (another hint: available as free, open source software).
Posted by Keiro, 09-12-2012, 10:57 PM
If I am a paying customer whose business is at stake, I do not care how and why, but I need my piece of legally bought software to work without interruptions.
Once again: it is possible to achieve and make the whole approach almost 100% immune to any type of DDoS, without huge investment in development. All the required ideas and their implementation are already available (another hint: available as free, open source software).
I want my software to work without interruption. Having an owned license means pretty much jack **** without a globally redundant licensing server network.
And even then, if you somehow manage to hit all of them at once? You're still taking out everyone who has a legitimate license.
I wonder if the nulled WHMCS users have the same issue?
I'd be interested to know whether this is the case or not.
Posted by FRH Dave, 09-12-2012, 10:58 PM I see both sides of the last page or so of posts.
We shouldn't have to have such a complex licensing system. People shouldn't be pirating the software. People shouldn't be DDOSing the server. WHMCS / cPanel (since WHMCS is cPanel's thing now) shouldn't rely on such a single point of failure.
But the reality is, all of those things are happening. So I guess I'll add my own:
I shouldn't lose access to WHMCS because they get attacked.
I keep an eye on the other billing platforms out there. Anyone who doesn't stay on top of their options is a fool. At the moment, I'm not switching because moving xxx active customers from one platform to another is a very delicate dance, no matter how good you are.
But there's no excuse for this kind of outage. If this crops up again, I may have no choice.
Posted by MikeDVB, 09-12-2012, 11:00 PM
The piracy was, is and will be. It's not an excuse for bad architecture.I'm not 'moving' responsibility anywhere. Since WHMCS does use a licensing system, the onus is on them to build one that is redundant, reliable, and does the job well.Quote:
I am not entirely sure why you're debating, I do agree with you that their licensing system is flawed and needs improved.
But, just so we are clear, you are saying this: "If there was no piracy, the flawed licensing system would still exist as it does now." ???
Just as if fire did not exist, there would be no such thing as a fire-fighter, if piracy did not exist - methods to protect software vendors from piracy wouldn't exist. It's causality ultimately. Without the cause, the result would not exist.It is *a* flaw, but not *the* flaw. In this world it is possible for there to be a singular flaw with any given system.Quote:
Now if theft didn't exist, including piracy, then nobody would steal the work of others and encoding [obfuscation] wouldn't exist. Obfuscation is designed to hide/keep secret the actual code and if nobody ever stole under any circumstances there would be no need to protect said code. Nobody woke up one day and simply decided that encoding software was a good idea for the sake of encoding, they sell a product that is marketed to protect the software from piracy.
The licensing system for WHMCS is designed, when used in tandem with obfuscation, to protect the software from piracy and other illegal uses of the software.I agree, however, I do care at least a bit about how. For example, the system they have now has worked pretty good for the last 5 years [that I know of] except for two instances where their licensing server was offline - once due to being hacked, and then this time. I would prefer that the how included some redundant licensing servers.Quote:
Even if they distributed their licensing to 100 servers around the world, there are botnets that are capable of taking all 100 down.
Distributing it to distinct servers in geographically unique locations would help, but nothing is foolproof or 100%, ever.
Posted by Keiro, 09-12-2012, 11:08 PM
We shouldn't have to have such a complex licensing system. People shouldn't be pirating the software. People shouldn't be DDOSing the server. WHMCS / cPanel (since WHMCS is cPanel's thing now) shouldn't rely on such a single point of failure.
But the reality is, all of those things are happening. So I guess I'll add my own:
I shouldn't lose access to WHMCS because they get attacked.
I keep an eye on the other billing platforms out there. Anyone who doesn't stay on top of their options is a fool. At the moment, I'm not switching because moving xxx active customers from one platform to another is a very delicate dance, no matter how good you are.
But there's no excuse for this kind of outage. If this crops up again, I may have no choice.
Hostbill seems to be the only other alternative that comes close to what WHMCS can do.
Short of rolling our own, I can see that we have essentially no option but to keep an eye out and wait for a better option, as we have no way to roll our own.
Or rather, we do, but it'd be too costly for us to do so.
As I said earlier, absolutely no excuse for them. None. They should've learned from their past mistakes. And honestly, there's no way in hell we'd move to Ubersmith.
Hostbill is increasingly looking like a better option unless we rewrite a billing system to our specific needs... and I'm thinking it may be easier to do that instead of building one from scratch.
I even have a billing system in mind to rewrite from. May as well get to it, I suppose.
Posted by Master Bo, 09-12-2012, 11:22 PM Once again, I omit the informationless parts. Glad to hear.Quote:
My only point is that all the responsibility is WHCMS's developers'. Trying to refer to piracy, Martians, act of God etc is senseless.Cite my exact words where I was saying the above.Quote:
If you can't cite, I would suggest you to be very careful when stating someone was saying what he's not actually saying. Unless you won't like me to say you're lying.
Do not interpret me. If you need my exact answer to exact question, just ask the question, please.
In short. Piracy is inevitable. Software licensing is inevitable. Good protection against cracks and DoS is possible, the one without effect of suspending all the software installations.If licensing system has a single point of failure, it's fundamentally flawed and must be modified. Otherwise, the incidents will repeat again and again.Quote:
1. People may choose to license their work and require registration/checks even if it's absolutely free. Reasons could be many, including receiving usage statistics and feedback.
2. Obfuscation can be used to hide one's code. It's a person right to open source its software, or not.Wrong. The licensing approach may require to DoS too many Internet IPs to efficiently stop license checks. With this in mind, licensing may be as immune to DoS as their creators choose to.Quote:
Note also I said "almost 100%". In this current case, it's strictly 0% chance to avoid the disaster, once licensing servers are brought out of communication.
Posted by MikeDVB, 09-12-2012, 11:39 PM
Just like whether my soda glass on my desk is full, half full, or empty is pointless to this conversation as well - that doesn't mean it's not something that can be discussed. At least 'chicken-or-the-egg' discussion about Piracy and Licensing is relevant to this thread ... more so at least than the amount of soda in my glass.I'm not saying you did, I paraphrased what I'm taking away from your posts as I understand them, and asking you to either explain why you believe that, or to better explain what you do believe. If I were to go through and cite every statement that caused me to end up with my shortened, condensed, paraphrased statement - I would end up quoting just about your entire posts all over again for more than simply making a response to various points... It would be a waste of space and time.Quote:
Moving past the fact that WHMCS's licensing system is flawed, why do you believe that without piracy that the licensing system would exist as it does today? All I've said, from the start of our little discussion, is that without piracy the licensing system wouldn't exist as it does now - and you continue to disagree with me.Anybody with a little common sense would understand that I didn't directly cite you or quote you, but simply enclosed my understanding of your perspective within quotes to separate it from the rest of the sentence. If you want to be semantic and picky, I can be a little more careful about how I word things.Quote:
Just like keys and their respective locks - if we lived in such a utopia where theft didn't exist locks would likely be unnecessary. Similarly, locks will not keep thieves out - only those who actually intend you no harm. Any good thief will get through/past/around any lock.No system is impervious - all it would take is a botnet with the resources to take down as many servers as you have online providing licensing servers and it would be rendered useless.Quote:
The more you have, the harder it becomes to break it, but then in some senses the harder it becomes to maintain. Nothing, as I've said, is 100% however.I agree, and I've agreed numerous times - I even stated it in my first post in this thread long before you and I began debating.Quote:
This is why I am trying to understand exactly what you're trying to say and what you're disagreeing with me.But this could be done, without any impact to the end-user should said licensing servers go offline. In the utopia I am referring to, the system would not exist to limit/prevent illegal use of the software as illegal use of the software wouldn't exist.Quote:
No egg = no chicken = no egg, etc.If theft didn't exist, again, even if you saw the code - you wouldn't use it without permission so there would be no need to hide it. (Again, obviously hypothetical because theft does exist.)Quote:
The second you feel you have something immune to DDoS, by all means post that on the internet and get as much attention to it as you can. It would only be a matter of time before your challenge was taken and you were proven wrong.I'm not talking about P2P - which is different because the organization has little to no control over the distribution. I'm referring to a vendor-controlled distribution of licensing servers.Quote:
I can't say that I ever see WHMCS using a P2P style distribution system, as it opens the system up to tampering. In the utopia I've mentioned a few times, sure, they could distribute the licensing servers via p2p, but in this utopia it would be unnecessary.You say "almost 100%" while also using "immune" with no adverb such as "almost".Quote:
I think we both agree that in our current real world, that the WHMCS licensing system exists and is currently flawed.
The only disagreement that we seem to have is that I believe in my idyllic utopia vision where theft and piracy didn't exist - restrictive licensing wouldn't exist as it's a reaction to a problem that exists in the real world, but not the utopia I am referring to.
I mean, you're literally arguing points based upon my hypothetical idyllic utopia that I made up and telling me that I'm wrong... It does feel a little silly, no?
Posted by nickia, 09-13-2012, 12:16 AM
I don't agree that there is a flaw with the licensing system, and I pointed it out in my first post in this thread where I made two suggestions that would prevent this issue in the future. My point is that if theft/piracy didn't exist, the flawed licensing system wouldn't exist, and none of this would ever have happened.
Just as if humans never existed, WHMCS would have never existed, nobody would have ever pirated WHMCS, and the licensing system would never have existed
Ultimately, on some level, PHP has to be parsed by the interpreter. This means that the code has to be passed to the interpreter in a format that it can understand.
Until WHMCS isn't run on PHP, there is going to be no way to protect it from anybody but the common individual. I don't consider myself an expert, but decoding IonCube is not that hard. I know, because I used to develop software myself and had to reverse the decode on some of my software due to catastrophic data loss that was entirely my fault.
I'm not saying WHMCS isn't at fault for this issue, but that if the world were a better place the situation for the issue to have existed wouldn't exist.
I agree that changes should be made, but again, nothing you can ultimately do will protect the software 100%. Even if it was 100% SaaS - one simple security issue on the servers responsible for serving it (say, a zero-day exploit) and that source code could easily become available.
I think you're taking my post, that you quoted some from, as saying that we shouldn't blame WHMCS. I'm not saying that, but simply saying that the flawed licensing system is a result of issues that, in an ideal world, wouldn't exist.
Hopefully, this time around, they learn from the issue and set up geo-distributed licensing servers.
Since cPanel has stake in WHMCS, I'll make sure to bring this up at the cPanel conference next month.
A doctor malpracticed, and you exclaim "If disease doesn't exist, we don't need doctor and there will be no malpractice. Damn you disease, damn you."
You need to learn how to reason better and apply proper logic.
Posted by nickia, 09-13-2012, 12:22 AM
All of you who are upset that your helpdesk is offline - don't think WHMCS isn't trying to get back online. It hurts your business for them to be offline, it hurts their business as well. They're surely not sitting around going, "Oh, we'll bring it all back online tomorrow sometime... For now, let's relax."
I understand the frustration / anger / etc (trust me, I really do) - but WHMCS and their licensing servers will be back as soon as they can get them back online and, unfortunately, not a moment sooner.
People need reassurance.
Posted by MikeDVB, 09-13-2012, 12:43 AM
A doctor malpracticed, and you exclaim "If disease doesn't exist, we don't need doctor and there will be no malpractice. Damn you disease, damn you."
You state that my reasoning is flawed, by posing an even more flawed hypothetical situation. If theft didn't exist, software providers wouldn't have to protect against piracy - if you dispute that, then make your caseWho said I was trying to use 'proper logic'? I assumed anybody reading my posts would be able to understand that I was speaking hypothetically and was not discussing the real world, but an idyllic and hypothetical utopia by clearly stating as such.Quote:
This is, after all, a discussion forum. There are no rules that bar discussing hypotheticals, and I very much enjoy a good debate.Sure, and you would likely do things very differently than WHMCS currently does them. It would be nice to see regular updates from WHMCS in this thread, but I won't hold my breathQuote:
Posted by Master Bo, 09-13-2012, 01:17 AM
I conclude it, then. I do not see any sense discussing hypothetical no-pirates utopias here. We have a problem that can't be solved once and for all unless the WHMCS owners change licensing checks technique.
Your knowledge of P2P seems not too profound, otherwise you wouldn't write this:Hint: P2P approach is a good solution to current situation and that doesn't mean the owners will have no control over such a network.Quote:
I have responded, in fact, to all your sensible questions asked thus far. Fantasies and utopias have nothing to do with real problems. I like discussing hypothetical universes, since I am a fiction writer myself, but this thread isn't the right place for that.
I only say I am sure we will see more WHMCS outage(s) related to their license servers by the end of this year. As with many other companies, the owners of it won't react to such challenges until it is too late.
But of course it's their rightful choice. Dixi.
Posted by htb, 09-13-2012, 01:28 AM I see it going up and down
Posted by Netxons, 09-13-2012, 01:29 AM
Posted by Master Bo, 09-13-2012, 01:32 AM
I wonder when/if they are able to handle it within reasonable timeframe.
Posted by PlotHost-Max, 09-13-2012, 01:32 AM
Posted by MoovIt, 09-13-2012, 01:49 AM
Posted by htb, 09-13-2012, 01:53 AM cpanel is see up of long time on they forums of 1 hrs already
Posted by MikeDVB, 09-13-2012, 01:56 AM
Hint: P2P approach is a good solution to current situation and that doesn't mean the owners will have no control over such a network.I was just pointing out to those 'angry' with WHMCS, that the system that is angering them so much is what WHMCS uses to protect themselves from a problem that ideally wouldn't exist. I went far enough to make an example, which you debated to a great degree.Quote:
I like having an interesting discussion that's related to the topic at hand, and am happy to discuss the real situation based upon hypotheticals. If you don't, then don't partake.I guess that depends on how well we all affected make our voices heard. WHMCS, from my experience, does listen to user input but as with any company - if only a couple of people complain - it will be ignored.Quote:
Posted by Steven, 09-13-2012, 02:00 AM Any type of licensing system that requires a call-home can be taken down. It doesn't matter if it's in a dozen locations.. its not hard to figure out where its calling home too....
Posted by Master Bo, 09-13-2012, 02:05 AM
When/if their site is back up, I will ask their support whether they understand how vulnerable is current approach and whether they plan to change it.
However, looks like I already know the answer.
Posted by dealdomains, 09-13-2012, 02:12 AM Just started working for me.. hope everything is fine now.
Posted by breezer1981, 09-13-2012, 02:34 AM WHMCS.com is back up now for me.
Posted by MikeDVB, 09-13-2012, 02:37 AM
Distributing just makes it a harder / more difficult target. It doesn't make it impossible though.
I, however, don't think their licensing server was what was under attack (honestly, those with grievances against WHMCS likely do not have grievances against WHMCS' customers). I think, if I were to speculate, that they still have the web front and licensing all on the same machine.
Posted by Steven, 09-13-2012, 02:41 AM
When/if their site is back up, I will ask their support whether they understand how vulnerable is current approach and whether they plan to change it.
However, looks like I already know the answer.
Posted by breezer1981, 09-13-2012, 02:50 AM
People already run nulled versions
Posted by HostXNow, 09-13-2012, 04:52 AM Solution: get an owned WHMCS license = no problem with licensing servers.
Posted by ttgt, 09-13-2012, 05:06 AM
Posted by Master Bo, 09-13-2012, 05:14 AM
All the hints were already given in the thread.
At the moment I tried several WHMCS-based client portals at hosters I have resources at - almost all still are either dead or extremely slow.
Posted by HostXNow, 09-13-2012, 05:21 AM
Posted by HSN-Saman, 09-13-2012, 05:28 AM
-Saman
Posted by ttgt, 09-13-2012, 06:40 AM
thanx
Posted by gsp4sale1, 09-13-2012, 07:12 AM Maybe this will help some questions...
The cPanel and WHMCS Partnership Announcement back in July highlights the beginning of an exciting new chapter for both companies. While we have already spent a great deal of time making sure this was going to be a good fit for us, now that this Partnership is completed, we're looking forward to whats needed most right now, and that is, support. This new Partnership between cPanel and WHMCS has had an significant impact already in that it has created additional strain on the WHMCS support system currently in place. Due to these circumstances, cPanel and WHMCS have agreed to bring in additional temporary resources from over at cPanel to help alleviate some of this additional load that we feel this new Partnership has helped to exacerbate. cPanel and WHMCS sincerely apologizes for this situation and we are working to rectify this issue. cPanel, Inc. is well known for world-class support. Our plan is to...
Date: Thu, 06 Sep 2012 14:18:50 UTC
Posted by HostXNow, 09-13-2012, 08:20 AM
Posted by cd/home, 09-13-2012, 11:26 AM
If you disable the licensedebug WHMCS will tell you to enable it again its already happened to several around here to my knowledge.
Posted by HostXNow, 09-13-2012, 11:32 AM
Posted by twhiting9275, 09-13-2012, 11:50 AM
Posted by XTremo, 09-13-2012, 01:20 PM I could do without all these WHMCS dramas....I've just managed to sort out the LicenseCube fiasco....now this!
Posted by cd/home, 09-13-2012, 01:47 PM Maybe its time they considered having separate licensing systems for "leased" & "owned"
Posted by Steven, 09-13-2012, 03:11 PM
All the hints were already given in the thread.
At the moment I tried several WHMCS-based client portals at hosters I have resources at - almost all still are either dead or extremely slow.
It is impossible to do a remote call home, and have it be secure. The ip's can always be discovered.
Posted by freethought, 09-13-2012, 03:13 PM
Posted by Noticed, 09-13-2012, 05:01 PM
Posted by MikeDVB, 09-13-2012, 06:12 PM
My post just showed you how to prevent that, as it was an issue at the time.
Posted by bear, 09-13-2012, 06:23 PM Since they are apparently back on line and this has strayed far off topic, closing. An outage thread is no place for this.
Add to Favourites 
Print this Article
Also Read
Our Services
Client Menu
+1 512-782-9732
Find any answers
you need...
Copyright © 2015 BraginHos / CHS Gateway inc. - All Rights Reserved.
Our address: CHS GATEWAY INC c/o Regus Offices, 2598 E. Sunrise Blvd Ste 2104, Fort Lauderdale, Florida 33304, contact phone number: (+1) 512-782-9732, email: support@chsgatewayinc.com