WHMCS hanging during Maintenance Activity (-> DDoS Attack)

[Remitur]

My own WHMCS install get hanging without any reason (even impossible to login in admin or client area)

Thinking at this communication from Hexonet:
`SERVICE NOTICE: Scheduled Production Maintenance HEXONET [STARTED]

ID: 3398
Type: Scheduled Production Maintenance
Origin: HEXONET
Planned Start Date: 2021-09-01 13:28:00 UTC
Planned End Date: 2021-09-01 20:00:00 UTC
Implications: Restricted Functionality
Affected Environments: Production Environment`
I disabled ISPAPI module by FTP, and my WHMCS woke up again...

[nezzy-the-first]

Hi, modules/widgets/ move the two ispapi files out and it will work Thanks Paul Nesbitt Managing Director PAC WebHosting Ltd, Company number 6221654, VAT reg GB 167953658 Registered office: International House, 61 Mosley Street, Manchester, M2 3HZ www.pacwebhosting.co.uk<https://www.pacwebhosting.co.uk/> - 0333 123 8000 [signature_61088202]<http://www.reviews.co.uk/company-reviews/store/pac-web-hosting-> From: Remitur ***@***.***> Reply to: hexonet/whmcs-ispapi-registrar ***@***.***> Date: Wednesday, 1 September 2021 at 15:35 To: hexonet/whmcs-ispapi-registrar ***@***.***> Cc: Subscribed ***@***.***> Subject: [hexonet/whmcs-ispapi-registrar] WHMCS hanging during hexonet maintenance activity (#209) My own WHMCS install get hanging without any reason (even impossible to login in admin or client area) Thinking at this communication from Hexonet: `SERVICE NOTICE: Scheduled Production Maintenance HEXONET [STARTED] ID: 3398 Type: Scheduled Production Maintenance Origin: HEXONET Planned Start Date: 2021-09-01 13:28:00 UTC Planned End Date: 2021-09-01 20:00:00 UTC Implications: Restricted Functionality Affected Environments: Production Environment` I disabled ISPAPI module by FTP, and my WHMCS woke up again... — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub<#209>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AT6CTIR2SRUCRKQYXMWRJILT7Y2ZHANCNFSM5DGUHYWQ>. Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. This email is sent by PAC WebHosting Limited and its contents are confidential and may be privileged. It is intended solely for the use of the addressee. If you are not the intended recipient, please delete the message from your system immediately and notify the sender of the delivery error. The contents of this email must not be disclosed or copied without the sender's consent. Any views or opinions expressed in this email are those of the author and not necessarily of PAC WebHosting.

[KaiSchwarz-cnic]

Hey Remitur & Paul,

thanks for addressing, but no idea how this could get improved. The solution is basically to disable the registrar module in such a case.

We cannot introduce a http request timeout as some api requests may take minutes to complete (3 minutes is our timeout for backend system requests). if our API isn't available, we immediately return with an error message. But as long the api is accepting connections, but is not able to respond as of an ongoing ddos attack, not sure how that could be covered.

Paul is at least right that disabling widgets that are communicating with our api, is worth it to get at least the whmcs admin area accessible.

[Remitur]

@Papakai
I just realized you're under DDOS (the message was about some kind of "scheduled maintenance")
I am sympathetic to you (DDOS authors need to die. Slowly and painfully.)

BTW: your collegues in a communication wrote

Since one of the counter measures is to use an additional IP filtering we would like to provide us with your connecting IP address for whitelisting purposes to make API access available again for you.

But not specified HOW to provide the IP...

[KaiSchwarz-cnic]

yes, I guess they noticed that issue already - things that happen in urgency.
mail the ip address(es) to "help at hexonet dot support"

[nezzy-the-first]

Hi Kai, One of the last emails mentioned this: Since one of the counter measures is to use an additional IP filtering we would like to provide us with your connecting IP address for whitelisting purposes to make API access available again for you. Please let us know if you have any questions. Where can we do this? I cannot see anywhere to do this? Thanks Paul Nesbitt Managing Director PAC WebHosting Ltd, Company number 6221654, VAT reg GB 167953658 Registered office: International House, 61 Mosley Street, Manchester, M2 3HZ www.pacwebhosting.co.uk<https://www.pacwebhosting.co.uk/> - 0333 123 8000 [signature_885528260]<http://www.reviews.co.uk/company-reviews/store/pac-web-hosting-> From: Kai Schwarz ***@***.***> Reply to: hexonet/whmcs-ispapi-registrar ***@***.***> Date: Wednesday, 1 September 2021 at 15:42 To: hexonet/whmcs-ispapi-registrar ***@***.***> Cc: Paul Nesbitt ***@***.***>, Comment ***@***.***> Subject: Re: [hexonet/whmcs-ispapi-registrar] WHMCS hanging during hexonet maintenance activity (#209) Hey Remitur & Paul, thanks for addressing, but no idea how this could get improved. The solution is basically to disable the registrar module in such a case. We cannot introduce a http request timeout as some api requests may take minutes to complete (3 minutes is our timeout for backend system requests). if our API isn't available, we immediately return with an error message. But as long the api is accepting connections, but is not able to respond as of an ongoing ddos attack, not sure how that could be covered. Paul is at least right that disabling widgets that are communicating with our api, is worth it to get at least the whmcs admin area accessible. — You are receiving this because you commented. Reply to this email directly, view it on GitHub<#209 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AT6CTIQU4BLC6IZU5Q2YJXTT7Y3UFANCNFSM5DGUHYWQ>. Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. This email is sent by PAC WebHosting Limited and its contents are confidential and may be privileged. It is intended solely for the use of the addressee. If you are not the intended recipient, please delete the message from your system immediately and notify the sender of the delivery error. The contents of this email must not be disclosed or copied without the sender's consent. Any views or opinions expressed in this email are those of the author and not necessarily of PAC WebHosting.

[rocketdomains]

Email your IP to ***@***.*** Sincerely, Frazer 1st Citizen Lawyers 91 WIMPOLE ST, LONDON W1G 0EF 90 JOHN BRIGHT ST, B'HAM B1 1BN Tel 0203 4755 321 & 0121 2850 222 Fax 0121 2850 222 Web 1STCITIZEN.CO.UK <http://www.1stcitizen.co.uk/> *★★★★★ *FEATURED ON PARLIAMENTARY REVIEW <https://www.1stcitizen.co.uk/1st-citizen-lawyers-fraz-wahlah-featured-prime-minister-theresa-may-parliamentary-review> ALONGSIDE PRIME MINISTER ♥ FACEBOOK <https://www.facebook.com/British.Lawyers/> TWITTER <http://twitter.com/1stCitizenUK> LINKEDIN <https://www.linkedin.com/company/1st-citizen> LONDON DIRECTORY <https://www.london.directory/uk/1st-citizen-lawyers/> We're authorised by OISC u/ ref F 201300782. The contents of this email and any attachments are confidential. It is strictly forbidden to share any part of this message with any third party, without our written consent. It's neither legal advice, nor to be relied upon unless you receive it separately on our official letter-headed paper following payment of our fees and signing the retainer agreement. If you're not the intended recipient of this message, please reply to this message and follow with its deletion. so that we can ensure such a mistake does not occur in the future.

…

On Wed, 1 Sept 2021 at 15:52, Remitur ***@***.***> wrote: @Papakai <https://github.com/papakai> I just realized you're under DDOS (the message was about some kind of "scheduled maintenance") I am sympathetic to you (DDOS authors need to die. Slowly and painfully.) BTW: your collegues in a communication wrote Since one of the counter measures is to use an additional IP filtering we would like to provide us with your connecting IP address for whitelisting purposes to make API access available again for you. But not specified HOW to provide the IP... — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#209 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AJQD5EJUINSOT7CUTY3ICZDT7Y42BANCNFSM5DGUHYWQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

[KaiSchwarz-cnic]

I am curious where ***@***.*** goes to.

Again for clarification (further people checking this thread):

mail your WHMCS System's >>outgoing<< ip address(es) to "help at hexonet dot support"

[KaiSchwarz-cnic]

fyi, I've been revamping our widgets to be more performant and reliable. Caching data in Session, possibility for deactivation.
Just the domain monitoring widget can't benefit of a caching mechanism otherwise we eventually deal with false positives/wrong data in the analysis part. Suggestion: Use the new icon to keep that widget turned off in general and turn it on once a quarter or so to see if everything is fine and then turn it off again after.

Account Overview Widget
Modules Overview Widget
Domain Monitoring Widget

HTH