Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Open Source ONLINE.NET WHMCS Reseller Module
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Open Source ONLINE.NET WHMCS Reseller Module

VereloxVerelox Member
edited December 2014 in General

Hi everyone,

I apologize if this is not the correct category, so please feel free to move the topic if that's the case.

Recently, we have been looking for an online.net WHMCS module that can be used to resell online.net dedicated servers, automates the termination/suspension process and of course, give the clients the ability to control the dedicated servers; but unfortunately, we ended up with a module that was $20+ monthly, and wasn't that good.

For this reason, we have coded our own module for online.net and decided to make it open source so that online.net resellers that use WHMCS as their billing system can struggle no more with the monthly payments (surely you cannot make enough profit while paying $20+ monthly for a module), but have the whole thing for free with extended features.

This module covers up the basic functions such as: State (rescue mode, reboot, etc), Networking (reverse, generate/duplicate virtual mac, etc), RAID and Remote Console (BMC), and we are planning to introduce the backup function soon as well! The module can be found at https://github.com/Verelox/onlinenet-module and a readme file is included which explains how to configure the module. In case you would like to report a bug, a vulnerability or suggest a feature, you may feel free to do so by opening a new issue. This is how it looks like:

We do hope this can come in handy, suggestions are greatly appreciated! Thank you for reading.

Comments

  • gestiondbigestiondbi Member, Patron Provider

    Really Good job!!! Hope you can make one for OVH too ;)

    Thanked by 2Verelox edan
  • @davidgestiondbi Thank you very much! I have added a screenshot as well

    Thanked by 1gestiondbi
  • Thanks!

  • Looks nice :)

  • jarjar Patron Provider, Top Host, Veteran

    Thanks for sharing!

  • @Verelox

    Well it is nice and super cool you released it under MIT license, but I use to write php scripts just like your style, although I am NOT a security specialist but I think you have quite a bit of security flaws, a big thing is: You did not sanitize variables but i did not take much time to look through you code so it can be more issues too.'

    Don't get me wrong its really cool and nice you did this, but anyone who uses this I believe can be hacked and the data can be stolen easily.

    Thanked by 1Verelox
  • @Stevie Thanks for the kind words! I too am a PHP programmer, but I made sure that everything would be secure before publishing the script. If you think you can take a look and let me know what exactly is wrong, then that would be awesome!

  • vpslegendvpslegend Member
    edited December 2014

    @Stevie said:
    Verelox

    Well it is nice and super cool you released it under MIT license, but I use to write php scripts just like your style, although I am NOT a security specialist but I think you have quite a bit of security flaws, a big thing is: You did not sanitize variables but i did not take much time to look through you code so it can be more issues too.'

    Don't get me wrong its really cool and nice you did this, but anyone who uses this I believe can be hacked and the data can be stolen easily.

    may be you should help him fixing those vulnerabilities?

    Thanked by 1Verelox
  • It is nice. Thanks :-)

  • Any chance of porting this to hostbill as well?

  • edanedan Member
    edited December 2014

    @davidgestiondbi said:
    Really Good job!!! Hope you can make one for OVH too ;)

    Yes OVH please, at least OVH+SYS :)

    And Kimsufi as bonus.

  • Lol a host that gets their stuff done and shares. +1

    Thanked by 1Verelox
  • @vladka24 said:
    Lol a host that gets their stuff done and shares. +1

    Yeah but then I went to his website and saw that they charge 35% VAT.. wtf

  • @4n0nx @Verelox Do you guys remove VAT for non european users? I heard some hosts do that.

  • @Stevie I have been looking more deeper into it now, but all I could find is that the vulnerable variables were not actually vulnerable, because they were directly passed and handled by online.net's API; and so they didn't have any implications on the host running the module or their data, because I think that online.net took care of that: but to prevent any possible hijacking attempt (even if it's going to fail), I have added more security to the code! You may feel free to take another look and let me know if you notice anything vulnerable: all input variables are now sanitized!

    Thank you very much and for everyone else for the kind words and the encouragement! We will be working on an OVH module in the near future, too!

    @vladka24 said:
    Lol a host that gets their stuff done and shares. +1
    Do you guys remove VAT for non european users? I heard some hosts do that.

    We do focus more on progress, quality and development more than anything else, so we totally have no problems with sharing software, especially if it's going to be open source because it opens the door for contributions! Regarding VAT, we cannot remove the VAT for clients in EU, because the company is registered in the Netherlands; and so we are forced to charge VAT for clients in the EU: please read http://europa.eu/youreurope/business/vat-customs/cross-border/index_en.htm

    We do also charge 21.00% VAT and 12.50% payment fee, so I'm not quite sure where @4nonx saw the 35% VAT, but that's not a problem! If you have any other suggestions, please feel free to share them!

  • @Verelox

    I am not a security expert and it has been a while since I did a php script, but I will look back at your script a bit later (I am half asleep) but I hope you did not take my comment as a stab at your project (I doubt you did but just saying) I really am thankful at open source projects and yours seems like fun, but I remember doing scripts and they lacked security and were hacked really fast haha.

    Thanked by 1Verelox
  • @Verelox

    can you pm a link where I can see this on a live site? I can try to test it for vulnerabilities and pm you if I find any.

  • @Stevie Not at all! I actually thank you very much for your help, I will PM you the details in a second. Thank you!

  • vladka24vladka24 Member
    edited December 2014

    @Verelox I've checked out that link and it says you don't have to charge VAT for outside of EU. So would guys be willing to only charge the payment fee.

    Also regards to the 'vulnerabilites', there non... Well from what I can see.

    Thanked by 1Verelox
  • @vladka24 Yes! We do not charge for customers outside the EU, we only charge these inside the EU. There are however new rules that will come into action on the first of January in the next year, so I think some changes will be done. Meanwhile, we must charge customers inside the EU as last time we checked with the registration office, they instructed us to do so. Here's the quote from the page for the new changes:

    Selling to consumers

    >

    You must normally charge your customers VAT at the rate that applies in your country, except for telecommunications, broadcasting and electronic services, which are always taxed in the country where the customer belongs (where a private person has a permanent address or usually resides or where a non-taxable person is established).

    The new VAT rules above come into force on January 1st 2015.

    So we only charge for customers inside the EU in the meantime, until the new rules apply. We only have control over the payment fee, and we charge 12.50% due to the fees paid when we receive transactions.

    I also thank you for taking a look at the code, I'm glad that you were not able to spot any vulnerability!

    Thanked by 1XiNiX
  • will work in version 6 whmcs?

  • XiNiXXiNiX Member, Host Rep

    Great work. I think a new section of "contributions" can be added to keep such contibutions stay noticed.

Sign In or Register to comment.