studeggle Posted September 29, 2009 Share Posted September 29, 2009 I have the latest stable version of WHMCS 4.0.2 but someone just generated themselves $100000 in credit and proceded to order against it. Luckily we hand screen orders after the auto screen so they got nothing, but any using automated setup beware. I have contacted WHMCS about it and am promising them full cooperation in identifing the way they accomplished it so it can be patched. It is possibly the Beta 4.1 may be safe but we don't use beta for production enviroment, unless its a beta patch I have the IP and logs if anyone wishes to contact me off the boards for them. Sorry even though I don't view a conartists info as covered by our privacy agreement I won't post it on TcAdmins forums. Link to comment Share on other sites More sharing options...
trancemode Posted September 30, 2009 Share Posted September 30, 2009 hmm yeah.. i already know about this. somoene did that to themselves too. that is why i stop doing automate setup. he got a free server for like few hours lol Link to comment Share on other sites More sharing options...
Dan M Posted September 30, 2009 Share Posted September 30, 2009 I don't use the credit feature anyway, in order to pay tax on products a service needs to be paid for, so that money would go through tax free, which they wouldn't allow us to do. Thanks anyway Stu. Link to comment Share on other sites More sharing options...
Derek Posted September 30, 2009 Share Posted September 30, 2009 another reason not to use automated services. Link to comment Share on other sites More sharing options...
trancemode Posted October 1, 2009 Share Posted October 1, 2009 I agree. automated is a no... due to these things. Anything made by human is possible to be crack or hack by human unless they are super humans! Link to comment Share on other sites More sharing options...
Derek Posted October 1, 2009 Share Posted October 1, 2009 4.1.1 just came out. Link to comment Share on other sites More sharing options...
studeggle Posted October 1, 2009 Author Share Posted October 1, 2009 4.1.1 has fixed the problem. Although I will still be checking orders by hand to ensure the automated check didn't miss anything. Computers are wonderfull time savers but they can't think for themselves Link to comment Share on other sites More sharing options...
trancemode Posted October 1, 2009 Share Posted October 1, 2009 cool. any new features? Link to comment Share on other sites More sharing options...
Dan M Posted October 1, 2009 Share Posted October 1, 2009 Here is the changelog for you. Feature Highlights Server Groups – designed for web hosts who want to designate specific packages going to specific servers, groups now allow you to define that for example hosting plan A can be installed on servers 1, 2 & 3, whilst hosting plan B can be installed on servers 3, 4 & 5 with options to assign new accounts until the default server is full or in a round-robin fashion to the least used server. Disk Space & Bandwidth Overage Billing – initially supported for cPanel, DirectAdmin & Plesk, you can now specify soft limits for disk and bandwidth with the packages you sell and WHMCS will then bill users for any amount used in excess of that. Usage stats are imported from the control panels API and charges are calculated on the last day of each month with the option to be invoiced immediately or added to the users next invoice. Configurable Options – now have the ability to hide options and sub-options from the client area order form while leaving them enabled for legacy use on existing clients accounts. Also added is the ability to set a minimum required quantity and maximum allowed value for quantity based option types. Client Files – you can now upload individual files to users’ accounts, with the ability for them to be admin only or accessible to the client also. Files the client is allowed to see are then shown in the client area for them to download. This can be used for things like contracts, signed agreements, and anything else you need to store! Additional Mass Mail Filter Options – the mass mail filter options have been extended to include client groups, language and custom fields. The custom field filters mean you can now easily create a “Subscribe to Newsletter” and/or “Subscribe to Notifications” checkbox in order to send mailings only to those users who have agreed to them. And the ability to select multiple criteria at a time allow for more fine tuned emailing to a wider range of clients in one go. Custom Field Descriptions – now you can add a description to your custom fields in order to advise the user on how or what should be entered into the field. Bulk Pricing Update Utility – this is a new addon utility which allows you to make mass updates to existing clients products, services, addons and/or domains pricing for their next invoices. Addon Auto Activation & Welcome Emails – now have the ability to set welcome emails for addons which can be automatically sent on payment and a hook point for activation which allows you to add your own code for provisioning Additional API Functions – Lots of new API calls have been added providing data retrieval methods for remote apps and there is now a choice of 2 response types, name/value pairs as previously and XML. New Modules Dot.TK Hexonet Cloudmin InterWorx (Update) Moneris TrustCommerce PSIGate Refunds Payflow Pro SDK Update Admin Usability Enhancements Invoice Items Preview – from the admin area invoice lists you can now preview the line items of those invoices simply by clicking the total amount thanks to a fancy ajax tool! Cancel & Refund Order Button – a new order action which automates refunding of the invoice and cancelling of the order including termination of any automatically provisioned services in a single automated action – a real time saver! Intelligent Search CC Last Four – entering the last 4 digits of a credit card into intelligent search will now locate the user that card belongs to Add Transaction as Credit – added a checkbox when entering transactions to define if the transaction amount should be added to the clients credit balance as pre-payment thus saving a step and making it easier to do Client Balance Statement – a new report has been setup which gives an account register overview for a client totalling debits and credits for the clients account accessible from the Client Summary page of any client My Notes on All Pages - you can now view your personal admin notes from any page and make changes (previously shown on the admin homepage only) Activity Log Filter – can now search the activity log to locate events and actions more easily Enom SSL Resend – the enom SSL module has now had a resend configuration email button added to be able to resend it on request for previously ordered certificates Cleanup Utilities – added attachment cleanup option to remove old attachments from tickets Support Ticketing View Ticket Admin Template – the admin view ticket page is now templated allowing you to completely customise the layout & data shown for tickets making it work exactly the way you want. Support Tickets CC – individual tickets can now have additional email addresses entered for where replies should be CC’d to and replies only go to the client and contact that opened the ticket, not all contacts Merge With Another Ticket – you can now enter a Ticket ID when viewing a ticket to merge with instead of having to locate and select both in the same list Support Ticket Pipe Replies Only – a new option has been added to departments to enable piping of replies to tickets but disallow opening of tickets by email and thus require opening from the client area – a great way to eliminate spam! Support Ticket Reply Email Logging – added the ability to disable saving of email messages for ticket replies (as they just duplicate the ticket itself) Client Area Enhancements Client Area My Details Update Confirmations – Now a green successful confirmation message shows when a client submits a change. Previously, it has shown a red error box for failure but no confirmation on success. Password Reset Process – the reset process will now ask the user for their account security question response if set before first sending a confirmation to their email address with a link which needs to be followed to authorize the request when a new password is then generated and emailed to the user Announcements Pagination – the announcement page will now display 10 announcements per page with links to move forward and back between the pages. Bug Fixes Fix to default payment method selection when primary gateway option is disabled for product group Fixed action hooks not passing through name/value pairs Tax shown during order process even when logged in as tax exempt Use own domain allowing through blank TLD Gateway Log result filter not showing all options Block existing domains only should block items of the same type Monthly Affiliate Report emails wrong colspan for no referrals message Client summary invoices balance doesn’t take into account refunds Upgrade process updated to use the active order template rather than cart Stop support ticket billing entry being cleared on every field click Don’t let upgrade orders be ordered when there’s an open invoice Taxes always being applied to upgrades regardless of product settings Client currency wasn’t saving if register_globals were enabled Client area domain renew was allowing renewal orders for TLDs without pricing configured Dedicated IPs assigned by cpanel module weren’t being saved Card Expiry Notices & Removal going out a month earlier than they should CSV export files updated to strip commas from field values Server revenue forecast report modified to convert all values to base currency Client apply credit to invoice not taking into account partial payments on balance checking Google Checkout fee logging updated for new pricing structure Added additional default TLD specific domain length requirement checks Link to comment Share on other sites More sharing options...
leetservers Posted October 2, 2009 Share Posted October 2, 2009 Any issues with TCA and 4.1.1? -bobby Link to comment Share on other sites More sharing options...
studeggle Posted October 2, 2009 Author Share Posted October 2, 2009 None so far Link to comment Share on other sites More sharing options...
GS-Liam Posted October 2, 2009 Share Posted October 2, 2009 Nope, i've been using beta aswell and had no issues, updated to 4.1.1 stable and no issues either Link to comment Share on other sites More sharing options...
Dorkslayz Posted November 5, 2010 Share Posted November 5, 2010 Thats why you use 4.03. Link to comment Share on other sites More sharing options...
GS-Liam Posted November 5, 2010 Share Posted November 5, 2010 Thats why you use 4.03. Why bump a post from over a year ago ? Theres also a whmcs 4.3.1 out now Link to comment Share on other sites More sharing options...
studeggle Posted November 5, 2010 Author Share Posted November 5, 2010 Yea, long dead issue. If anyones still using 4.0.2 they kind of deserve to be hacked Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.