WHMCS, Part II
I have to admit that this kind of freaked me out.
Long story short – someone woke up and found a lot of their WHMCS data missing.
Now granted, we don’t know the whole story. The company involved might have made some mistake, they might have a script with a bug, etc. But as I mentioned before, WHMCS installs are going to be prime targets for hackers for the immediate future.
Here’s another thread where Aldryic from BuyVM mentions knowledge of two vulnerabilities. WHMCS LLC is aware of them but they are apparently not fixed yet.
At the end of the day, I don’t know that WHMCS is any more insecure than anything else. It’s like Windows in the sense that there will always be more Windows attacks than Macintosh attacks because there is a lot more Windows out there.
Still, it concerns me when WHMCS.com is repeatedly hacked from multiple vectors. I think it was taken down four times this week, and a couple of times I discovered it was down just by visiting, which may be additional successful attacks.
I’m now leaning more towards using IP.Nexus, especially as Invision has now integrated domain registration into the forthcoming release of their product.
The benefits are:
- It does most everything that WHMCS does, and the things it doesn’t do are not things that are vital to me (for example, it doesn’t support as many payment gateways but it supports the ones I want to use)
- It doesn’t look like WHMCS, which every two-bit host uses
- It’s integrated into forum, blog, etc. I was poised to write a script to automate registration of users who sign up in WHMCS to a forum – not needed here
- Free live chat, though it’s a chat room (for up to five users)…I’m not big on live chat personally.
There are some downsides:
- In my case, I already own Board+Blog+Content+Nexus from a previous project. If I didn’t, that’d be about $270 to buy them all (not including Blog, which isn’t really necessary).
- On a monthly basis, I can get WHMCS for $5/month. For those IPB products (Blog isn’t really necessary) I don’t have to pay anything since I own them, but I probably have to pay maintenance. This is not required, but it gives you upgrade rights, support, antispam in the forum, and access to the chat server (which runs on IPB’s servers). Maintenance is by product and paid biannually – all those products work out to $12.50/month. That’s about what WHMCS costs to license if you’re not getting it discounted by a provider, but of course you’re getting quite a bit more with IPB.
- It’s a suite based on forum, though this is going to change. So Nexus is a forum add-on, not a standalone. In their new 4.0 “community suite” world, IPB will sell you Nexus standalone if you want, but that’s not possible now. I think you can turn off the forum if you want.
- The URLs are not as pretty. I could run WHMCS on my.example.com, but with Nexus, you need to use something like www.example.com for IP.Content (the CMS), www.example.com/forum for the forum, and Nexus ends up as www.example.com/forum/client. I can probably live with that – I can always create a redirect subdomain.
I do like IPB as a forum and IP.Content can be powerful, albeit complex. However, I’ve discovered you can simply move it out of the way (create the pages from doctype to html-close) so I won’t lose anything I’ve done on site development so far.
I was planning to run my main www.example.com on pure static HTML to keep load on the VPS down. For IPB, I was used to running it with nginx + php-fpm on a dedicated VPS. I might still do that. One VPS for the main site/forum/Nexus/etc., and start with one VPS for customers and cPanel/WHM.





Startup Saga is authored by a fortysomething senior technologist who lives in Portland, Oregon. He is in the process of starting a web hosting company.
I’ve been thinking more and more about it, and after reviewing the alternatives I decided that I would only move away from WHMCS for an open source option. I don’t care if that open source version is more expensive or cheaper than WHMCS; that’s the only direction I would consider.
As of this moment I am downloading the source of TheHostingTool again and may fork that into a custom system for my needs (OpenVZ/Xen/KVM and cPanel control panels, Google Checkout and PayPal processing, MaxMind fraud checking). The reason I’m considering TheHostingTool is that when I was one of the developers on there I implemented a lot of stuff that I really wanted in a client system, so it already has a lot of stuff that I felt WHMCS was missing or was doing right.
Just my 2 cents.