Monthly Archives: November 2013

WHMCS 5.1 & 5.2 Maintenance Updates Released

From the WHMCS blog:

 

We have published new maintenance releases for the 5.1 and 5.2 versions of WHMCS.

The updates provided within these releases are maintenance related and do not address any security concerns. Therefore there is no immediate urgency to apply them.

Which Update Do I Need?

If you are running version 5.2.13, you may apply the 5.2.14 Patch Set.

If you are running version 5.1.14, you may apply the 5.1.15 Patch Set *OR* upgrade using the latest 5.2 Full Release.

If you are running any other version, you must use the latest 5.2.14 Full Release download to ensure all previous updates get applied appropriately. This, as always, is available from our members area.

PLEASE NOTE: Version 5.1 reaches End of Life on Saturday, November 30th, 2013. No further maintenance or security updates will be provided after this date. For more information regarding our Long Term Support Policy, please refer to our documentation here: http://docs.whmcs.com/Long_Term_Support

Full Releases

A full release distribution contains all the files of a WHMCS product installation. It can be used to perform a new install or update an existing installation (regardless of previous version).

v5.2.14 (Full Version) – Downloadable from the WHMCS Members Area
– Upgrade Instructions: http://docs.whmcs.com/Upgrading#For_a_Full_Release_Version
– MD5 Checksum: b49c220fcc919539a00db7f1e2712244

Patch Releases

Patch sets contain only the files that have changed between the previous release and this update. For that reason, Patch Sets are only valid for upgrades from the specific revision version numbers indicated below.

v5.2.14 (Patch Set) – http://go.whmcs.com/286/v5213_incremental_to_v5214_patch
– Can be used to upgrade from Version 5.2.13 only
– MD5 Checksum: 60d76f725c64d08c69a56489dd50c3e9

v5.1.15 (Patch Set) – http://go.whmcs.com/282/v5114_incremental_to_v5115_patch
– Can be used to upgrade from Version 5.1.14 only
– MD5 Checksum: d364d03373ee7e4fe4ca2504c36c0d51

Upgrade Instructions: http://docs.whmcs.com/Upgrading#For_a_Patch_Set

If you are running any other version, you will need to use the Full Release itemized in the previous section.

Changelog

For a full list of resolved issues, please refer to the changelogs at the URLs below.

5.2 — http://docs.whmcs.com/Changelog:WHMCS_V5.2
5.1 — http://docs.whmcs.com/Changelog:WHMCS_V5.1

Bandwidth restrictions removed. Resellers increased.

Effective immediately, we will begin removing all bandwidth restrictions from our shared web hosting accounts & packages. After careful review, we have found that the majority of our shared hosting accounts technically do not need hard set quotas.

Over the next few days, we will be updating our servers with the restriction removals for each hosting plan. This means inside of your cPanel account, you will see a “oo” slightly above the bandwidth usage statics on the left side of your cPanel.

We’d also like to let you know that allowing “unmetered” bandwidth does not mean “unlimited”. We have implemented a “fair use” policy, which can be found in our terms of service as well as below this article.

We also want you to know that this does not mean our quality of service will drop; our servers will continue to be monitored and maintained to continue performing as they are currently. Frequently, people get the terms “bandwidth, traffic, resources” mixed up & become confused. We’re simply removing the hard set quota to allow our customers to focus more on building their sites vs watching their bandwidth limits.

Our storage allocations will remain the same; we do not offer “unlimited” disk space or storage space. Each plan has a hard set quota for storage.

Reseller Plan Bandwidth Increase

In addition to removing the hard set quotas for shared web hosting, we have also increased our bandwidth allocations for resellers, both traditional “single-server” reseller hosting plans as well as our cloud hosting plans. Our website will be updated over the next few days with the new specifications for all shared & reseller hosting plans.

WHMCS Security Advisory TSR-2013-009 – Upgrade Now

WHMCS has released new updates for all supported versions of WHMCS. These updates contain changes that address security concerns within the WHMCS product.

We strongly encourage you to update your WHMCS installations as soon as possible.

WHMCS has rated these updates as having important and critical security impacts. Information on security ratings can be found at http://docs.whmcs.com/Security_Levels

Releases
Please update your installation to the one of the following versions:
v5.1.14
v5.2.13

Patches – What is a Patch?

Incremental patches can be downloaded by following the provided links below. These patch sets contain only the files that have changed between the previous release and this update. The previous release version that these patch sets are designed for is clearly indicated as the first and smaller number.

Do not attempt to apply an incremental patch set to an installation that is running a different version than the indicated version. Doing so will result in a “Down for Maintenance” message and require you to use the full release to complete the upgrade.

Incremental patches do not require any update process. Simply apply the changed files to the existing WHMCS installation.

The following incremental patches are available for direct download:

5.1.13 –> 5.1.14 http://go.whmcs.com/274/v5113_incremental_to_v5114_patch
MD5 Checksum: 6a6045dffbe7d43b3ff294e4acd87cfa

5.2.12 –> 5.2.13 http://go.whmcs.com/278/v5212_incremental_to_v5213_patch
MD5 Checksum: 94347dd8f6776b1e5a53fb3b65ce2a16

To apply a patch set release, download the files as indicated above. Then follow the upgrade instructions for a “Patch Set” which can be found at http://docs.whmcs.com/Upgrading#For_a_Patch_Set

Full Release – What is a Full Release?

A full release distribution contains all the files of a WHMCS product installation. It can be used to perform a new install or update an existing installation (regardless of previous version).

The latest full release can always be downloaded from our members area at https://www.whmcs.com/members

5.2.13 – Downloadable from the WHMCS Members Area
MD5 Checksum: 2f6e51fc8a2ecd5c67dc28f87eb35cf5

To apply a full release, download the files as indicated above. Then follow the upgrade instructions for a “Full Release Version” which can be found at http://docs.whmcs.com/Upgrading#For_a_Full_Release_Version

Important Maintenance Issue Information
This Advisory provides resolution for the following important maintenance issues:

Case 2989 – Downgrade orders failing when no payment due
Case 3325 – Credit card processing fails with weekly retries enabled
Case 3467 – API GetClientsAddons fails on certain conditions
Case 3471 – Unable to download ticket attachments from first ticket message
Case 3515 – Add tilde to valid character list of redirect path
Case 3528 – Updated Smarty to latest 2.6.28 release
Case 3545 – Project Management settings redirect on save fails
Case 3482 – Improve default currency logic
Case 3641 – Allow MaxMind Service Type selection

Security Issue Information

This Advisory provides resolution for several security issues, one of which was publicly disclosed. Specific information regarding that issue can be found below.

All other resolved issues were identified by the WHMCS development team and independent researchers. There is no reason to believe that these vulnerabilities have been made known to the public. As such, WHMCS will only release limited information about the vulnerabilities at this time.

Once sufficient time has passed, WHMCS will release additional information about the nature of the security issues.

Case 3492
Remove dependency on unserialize() for admin table sorting

=== Severity Level ===
Important

=== Description ===
Object Injection Attack.
An attacker, once authenticated into the admin area of the product, could leverage user input passed to unserialize() to execute arbitrary PHP.

=== Resolution ===
Download and apply the appropriate software updates to protect against these vulnerabilities; information about software update releases is provided in the “Release” section of this Advisory.

NOTE: A temporary resolution was provided in blog post http://blog.whmcs.com/?t=81138. This post references a hook that can be deployed to an installation. The hook nullifies specific user input, mitigating the risk of nefarious input reaching the call to unserialize(). The caveat is table sorting, within the admin area, will cease to function as expected. The releases provided by this Advisory obsolete that hook. The hook can safely be removed from any deployment after the latest updates have been applied.

Internal Audit Issues 

18 resolved issues were discovered by the WHMCS development team as part of an ongoing security audit.

More information about these issues will be published at a future date.

Private Disclosure Issues 

Individual reports have been made to us from a variety of sources since the last Security Advisory. Amongst these reports only 2 issues have been disclosed to WHMCS, and confirmed as valid, which were not already discovered as part of an ongoing security audit. We would like to thank all the individuals, researchers and firms who reached out to us. Your efforts to ensure our awareness of security concerns within our product are greatly appreciated.

We would like to thank Blesta for providing both of the aforementioned, resolved issues.

More information about these issues will be published at a future date.

All supported versions of WHMCS are affected by one or more of these maintenance and security issues.

For information regarding our Long Term Support Policy, read our documentation here:
http://docs.whmcs.com/Long_Term_Support

SpamExperts SPAM Filtering: Now Available!

We’re proud to announce the launch of SpamExperts Incoming SPAM filtering for VeeroTech Systems customers. We’re including 1 domain for free for each customer. Each additional domain is $3.99/month and we’re offering discounts for bulk domains – 5, 10, 15+ domains.

To claim your free account, please log into the Account Management portal to your dashboard as shown below. Under “Order New Services” you’ll see the option to add SPAM filtering. Once submitting the order, we’ll waive the fee for the 1st domain for you, then provide you with your dashboard login information.

 

spamexperts-order                    spam-panel

Once your account has been created, you’ll need to update your MX records as described inside the informational email. If you’re unsure how to do this, just open a ticket and our support team will assist in making sure the correct MX records are entered. From there, you’ll then have access to the Spam Panel dashboard where you can adjust the SPAM threashold, view quarantined messages, whitelist/blacklist options & more!

Have questions? Open a service ticket at any time or email us at info@veerotech.net

Want SPAM filtering, but not yet a VeeroTech Systems customer? Sign up today and experience the VeeroTech difference! www.veerotech.net

Redesigned Website & Account Management Portal!

We’re pleased to announce the release of our brand new website & account management portal!

 

The VeeroTech Website

Chances are, if you’re a current VeeroTech Systems, LLC customer, you’ve already noticed some of the changes we’ve been making. Our website was redesigned with ease of use in mind along with a simple, lighter-weight design that’s easy to use. We’ve combined what used to be multiple pages into single pages to keep navigating through the website simpler.

We have re-introduced a revamped blog, which we’ll continue to update & post security advisories, guides & company information on. We’ve implemented a mailing list with our blog, so you can be alerted when there are new posts; especially good for the security advisories & company information.

Main website: http://www.veerotech.net

 

The VeeroTech Account Management Portal

Our account management portal was redesigned back in July of 2013 – with the redesign of our main website, we felt the account management portal needed to have some change as well. With the growing number of mobile devices accessing our website & account management portal, we needed to be sure our customers could gain access from most devices. This prompted us to incorporate a responsive design while keeping everything accessible & easy to use but not skimp on the features. Overall, we’re extremely happy with the outcome of the redesigned account management portal!

Account Management Portal: https://manage.veerotech.net