Billing
- Thread starter dubs
- Start date
dubs wrong forum.
One of the following would have been more appropriate for your request:
Billing And Accounting:
http://www.hostingdiscussion.com/forumdisplay.php?f=27
Essential Software and Control Panels:
http://www.hostingdiscussion.com/forumdisplay.php?f=9
One of the following would have been more appropriate for your request:
Billing And Accounting:
http://www.hostingdiscussion.com/forumdisplay.php?f=27
Essential Software and Control Panels:
http://www.hostingdiscussion.com/forumdisplay.php?f=9
PVT-Jordan
New member
Are you looking for a script to interface with your control panel to auto-install accounts, or just to bill clients seperately?
If you're looking for a cheap auto-install script, I would go with Whois.Cart. The last time I checked it was around $30-40. Its fairly easy to use and have the necessary features that you would expect.
If you're looking for a cheap auto-install script, I would go with Whois.Cart. The last time I checked it was around $30-40. Its fairly easy to use and have the necessary features that you would expect.
block9hosting
New member
If you use cpanel+linux i have just the script for you:
http://whmautopilot.com/
You can even give it a free test run!
http://whmautopilot.com/
You can even give it a free test run!
PVT-Jordan
New member
I don't think that he would consider WHMAP "cheap"
Exon
New member
Personally I wouldn't recommend the autocreation of accounts - take the extra couple minutes it takes to create the account manually. But before that check out the domain WHOIS, does it match the info you were given? Check out the IP they had when filling out the form - does it match the billing area? Simple stuff like that can save you more time and money down the road than you think.
I personally see nothing really wrong with autocreation. However, it's not something you set on "autopilot" (no pun intended), and just walk away from. You need to keep a close eye on it.
The security issue I was referring to, in whmAutoPilot, is an issue they refuse to face. I think it has a lot to do with them boasting whmAP to be so secure that Homeland Security couldn't crack it. So, valid, publicly posted insecurities are swept aside/ignored, until or hopefully they disappear.
My complaint with whmAP is the fact that it requires you to open port 25 (SMTP) to any script that wants to use it. This is a spammer's paradise setting. Now, while whmAP is not a malicious application, that of course does not guarantee that one of your clients won't use this setting against you, by uploading a mass mailer, which points back to you. As expected, when I brought this up to them in their forum, and pointed out valid, damning arguments, they stopped responding, to allow the thread to sink in the ocean of other threads.
Dragonlordgod
Account Disabled
WHM Auto Pilot is the best. :thumbup: Very user friendly! Easy to use!
Exon
New member
I love how the last two posts are ordered chrnologically. 
I have never liked the thought of something automatically creating accounts for me though, that's my biggest issue, and it is always nice to confirm with the user, "You do want that extra static IP?" Sometimes they don't understand what they checked and won't use the static IPs requested, so why should they pay for them? Because they checked the box without reading - sure ok, I can see how it's a stupid move, but don't punish the user.
I have never liked the thought of something automatically creating accounts for me though, that's my biggest issue, and it is always nice to confirm with the user, "You do want that extra static IP?" Sometimes they don't understand what they checked and won't use the static IPs requested, so why should they pay for them? Because they checked the box without reading - sure ok, I can see how it's a stupid move, but don't punish the user.
ThinkSupport
New member
I will also suggest WHM auto pilot if he is using WHM/cpanel server only .
lol, I noticed that as well. The thing I love is seeing how many put security aside or ignore it, for the sake of the auto account creation, or simply easing the load on themselves via auto account creation. Hmmmm....possibly a new article brewing?
I just wish I could say that the owned license of whmAP was worth the money. Just a simple setting opens a can of worms.
I must agree, that if not for the port 25 issue, whmAP would be software I would consider ideal. I could then be here boasting whmAP as well. Like I said though, a simple setting like opening port 25 for any software that wants to use it (you can't simply go in and say "just allow whmAP to use this"), make you and your customers on that server vulnerable to spammers.
Then again, if getting bombarded by spammers on your server, compromising yourself and your clients, as well as getting your server's IPs blacklisted doesn't concern you.....then by all means whmAP is for you!
angelawalker
New member
<<removed>>
MOD NOTE: Post removed.
We rely on your future cooperation.
MOD NOTE: Post removed.
Rules said:
We rely on your future cooperation.
Last edited by a moderator:
Now, suppose a spammer signed up on your servers. The fact that you have it set to localhost only, make no difference.
The only thing you have secured by setting it to localhost only, is that people that do not have a domain or an account on your server, cannot spoof your SMTP.
However, if you have a spammer on your server, they would be mailing from localhost, and the fact that they would use SMTP means, they could literally send out thousands of emails in less than a min's time, and as said...it would come from localhost. In fact, using that, they could effectively, and quickly forge all of the mails to make it appear as though it's coming from YOUR domain, if they chose to do so.
Just because it hasn't happened yet, does not mean you should leave vulnerabilities like this open.
All it takes is once.
For example, most people lock their doors at night, and have never had their houses broken into, yet they continue to lock their door at night, because they don't want to take chances with their family and home.
Right you are. However, sendmail is much slower, and harder to forge. It takes a lot more time to forge a legit header in sendmail, than with SMTP, it also takes more time to send out as many emails.
In addition, with SMTP setup to accept any script's mail in localhost, the user does not have to authenticate themselves prior to sending mail via the SMTP.
I wouldn't call this a hole either. I would call this a security risk, and a sad oversite on whmap's part, because long after they were notified, they failed to provide the option of doing the way you choose. Thus far, without that option, the script requires you to make your server vulnerable.
Of course that's a choice that every host has to make for themselves and their clients. It's a choice that our company made quite some time ago, not to make our clients vulnerable for our own benefit, but again, that's just us.
In addition, with SMTP setup to accept any script's mail in localhost, the user does not have to authenticate themselves prior to sending mail via the SMTP.
I wouldn't call this a hole either. I would call this a security risk, and a sad oversite on whmap's part, because long after they were notified, they failed to provide the option of doing the way you choose. Thus far, without that option, the script requires you to make your server vulnerable.
Of course that's a choice that every host has to make for themselves and their clients. It's a choice that our company made quite some time ago, not to make our clients vulnerable for our own benefit, but again, that's just us.
I'd recomend Whois.Cart or PHPCorn if you're seeking cheap billing systems. Never utilizing any, I can't really comment of the quality of these systems, never using them before. I'd also recomend ClientExec if you're willing to spend a little more. It's definately worth the money.
-
HostingDiscussion
A community for web hosting professionals and enthusiasts, since 2002.
