Whmcs 8.5.1 Nulled
Mood Phaneuf
Please ensure one or more of the "Domain Registration Options" are enabled under Setup > General Settings > Domains tab and it should resolve this. Alternatively if the product doesn't require entering a domain name, disabling "Require Domain" for it under Setup > Products/Services > Products/Services can be used instead.
I am using a version of the six theme with the headers and footers slightly altered to match my existing wordpress site......iv just looked in chrome and it seems to be hiding the form with css. I dont seem to have any errors....its bizzar
I would go back to basics and work out what changes you've made to the header & footer... it's usually better to have clean (unmodified) versions of "Six" and "Standard_cart" available for you to use so that when you see something like this, you can switch to using the clean versions and re-test... if it works with the clean version, then you know it's something to do your custom template... if it doesn't work with clean version, then the problem might lie elsewhere.
it's likely going to be one of those slight alterations that is causing this - but only you know what changer were made.. it might be multiple clashing jquery calls, but ultimately it could be one of many things.
Yes, I think iv worked out the problem....Wordpress doesn't let you use the dollar sign for jquery to prevent clashes with plugins and stuff. whmcs does use the dollar sign in some of its javascript so when i include the wordpress header and it loads all the wordpress stuff it is stopping the javascript within the whmcs six template from working.
I have SPF, Reverse DNS setup, and from the headers a customer sent me it looks like everything is correct coming from my server. I am not sure why the invoices and notices are being marked as spam (also happens on Yahoo Mail sometimes).
All my mail being marked spam when sent through whmcs. I am using SMTP for sending mail. Even the WHMCS support request link inside WHMCS returns my mail but if I send it from inside my server they get the mail. Yahoo and frontier mark it spam and hotmail discards members don't get mail at all. Any ideas anyone? Anyone having the same problem here?
I discovered, after a LOT of trial and error and searching, that the headers in the outgoing email were showing the sender as "nob...@server.domain.com", and that changing this to a real email address seemed to be the magic bullet.
The confusing part of fixing it was a comment in the default php.ini file that said a particular setting only applied to Microsoft servers, and I am using Linux -- but the Linux servers do, in fact, use this setting, despite the comments in the php.ini file.
there are a few other ways to accomplish this, including adding the following entry to the virtual host in the httpd conf: php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f existing_default_user@the_domain.com
The fact that your emails come from nobody@ means that you are running your PHP as a shared module, running under the user id of nobody. That means that any user on the server can harvest your WHMCS database looking for credit cards, usernames and passwords.
The only way to stop that is to use a dedicated server (or, almost dedicated, with only a few trusted and secure users on it); or to use the suexec/phpsuexec patch to PHP to make it run as a separate user for each different account. While this may be a barely acceptable risk for a small company (
The problem you're getting with emails from WHMCS being marked as spam is really a combination of the fact you're running your PHP as the nobody user (shared across all users on the server, just to emphasize a point!) *and* you're using the PHP mail() function with the default settings. As mentioned earlier one fix is to use SMTP, but the superior fix is to fix your PHP.
One thing I've found that spam filters don't like is the hyperlinked image fpr the email header. Even when taking out the URL in the admin config, whcms still seems to place it there - just with a 'no image' URL.
Not sure if that's totally correct as I haven't looked into it fully enough to query it, but that and the PHP mail() seem to be the main causes. Anything else would be down to the wording of people's individual e-mails
Joweb, as brianoz points out, it is probably sending using the default phpmail(). You should double check that your SMTP settings are 100% correct. By sending with SMTP, you would normally not have Return-path set to nobody, but the SMTP user.
As a test, and if you are root on a cpanel/whm box, you can go into whm and tweak settings, and check prevent nobody from sending mail. Send a message again, and chances are it won't send anything... That would confirm that your SMTP connection is not working and your WHMCS is using the default php mail() instead.
Thanks, I have disable the prevent mail from nobody and tested WHMCS. It is now using SMTP configs. My setting where correct maybe my server was making it from nobody as a default? Not sure, now my question is should I leave it set to prevent mail from nobody. What will that change if anything.
If you look at frisco's example above, or my second example above (adding a phpsendmail script), that can also do the trick. Both of those will set the sender to a domain sender, rather than something like nobody@host. If you add it using a phpsendmail, make sure to chown it to 755. You will also need to add the and to the phpopenbasectl.
It will simply prevent scripts on the server from sending out as nobody, so any of the suggestions I made above should remedy that. It doesn't harm anything, but does allow for a bit better tracking, and in the event of someone using your server to send spam, will ultimately allow you to trace those better.
Also, rebuilding PHP with PHP SuExec support would also allow you to track down script spam users even better, but also raises additional concerns, since with phpsuexec, all scripts are run as the user and not 'nobody'. Some scripts have problems with suexec, although arguably, it provides some additional security.
I don't know how to say this, but I have to emphatically disagree. Running without phpsuexec on a shared server is a major exposure for your billing system (actually for any account). The vulnerability is that ALL database usernames and passwords can be read by any account on the server, or any exploited account on the server. I'm not making this up; it's true. [i've been a unix sysadmin/programmer/trainer/lecturer for 25 years] So, do be scared :wink:; turn on phpsuexec, and do it now, trust me; you need multiple layers of security and this should be one of them. By the way, phpsuexec/suexec is NOT a magic security immunity pill, you have to do stuff like mod_security and others as well!
[bTW - another essential security toolbox item is the firewall CSF - a great tool which integrates fully with cpanel (works well on non-cpanel too) and is actively maintained by the author, unlike the older and now outdated APF and the somewhat unstable BFD). It can also self-update which is a boon.]
Of course it is crucial to secure your box, in more ways than was covered here. CSF is indeed a very nice solution and an especially excellent tool for "noobees", since it simplifies managing a statefull firewall, along with a few other very nice tools by the same author. I do agree, in shared environments that enabling php suexec is preferred.
Have correct PTR, DKIM, SPF and DMARC all set up and have checked blacklists - all clean - but Gmail says "lots of emails from domain.com are identified as spam". We are not spamming anyone, only sending out invoices and support replies.
I decided back in May 2013, I was fed up with constant updates from WHM** and they used to be issued every night at 2am GMT - 4am GMT. They always broke patches and was slow on support. They also wasn't active on their forums and try to hide everything. Stop you from posting on their facebook, they are immature and to think I was a customer with them since 2008.
Anyway yes I had enough of them and though right I need out. Why have a broken billing system. I was thinking about HostBill, ClientExec and Blesta, and thought which one was better... I then found out HostBill was just like WHM** and also based some of their code from it. So why would I move to the same system? So I put that out, I looked at Blesta's demo and looked at ClientExec's. ClientExec was hard to use and wasn't cheap.
I went to Blesta's and saw it was $99 owned unbranded license and a free upgrade to 3.x. I then saw they did a 30% off and thought I'd be cheeky and contact the guys at Blesta to see if I could use it to move from WHM** because I didn't have the full amount in my PayPal. I found out that the $99 was already a promotion and cheaper than normal from Paul and I thought yes I need to save up and use Blesta because it's perfect, it's secure and simpler to use.
I posted on our Facebook page that we was getting ready to migrate to a new system shortly. My mate Dave from FRH contacted me and asked which one I was considering since they was also thinking about moving from WHM**. Anyway they bought their license before me and I bought ours a few days after.
Joining the forum and having a nice experience I knew I made the right choice... and when we got the Beta email to join the forum, I was on this new forum faster than you can say good bye. And I've never ever looked back. Best investment I've put into my business. And that's why I support Blesta and help other to move because it's so much better on this side and not the competitors who put themselves first and not their customers.
Having lots of modules, plugins, and features is only nice if you actually need them. If WHMCS does something that Blesta doesn't, and you actually *need* that feature... then go for it. Use WHMCS. (And be sure to let the Blesta developers know about the feature you needed, so they can be aware of it.)
4a15465005