Is your panel open source? Do you have the code uploaded somewhere like GitHub?
Glad to hear it! I think that was a wise decision Regarding security, perhaps it would be an idea to offer a bug bounty.
A systematic set of files is encrypted. But a high volume of files, including the theme structure, is open source.
Of course, why not.
Pricing is still an issue IMO.
Edit: demo randomly returned raw JSON on login https://i.imgur.com/F2MB8bI.png
I disagree. $14.95 in comparison to WHMCS’ $39.95 (closest price in terms of features). Perhaps a cheaper tier with limited functionality (similar to WHMCS) would be a good idea.
What browser and version are you using? When I provide control, no JSON data is reflected on the screen in a standard data entry.
With a monthly $14.95, you have an advanced automation with no restrictions and no obligation to include an ad link.
That’s a very good offer.
Some powerful security measures from WISECP v1.6.2
If the location verification is active;
If two-factor verification is active;
The database access information is automatically encrypted.
There’s more to it:)
Let’s sample through Whmcs; In Whmcs via the database you can define a user’s email address to the administrator and reset the password.
Even if the database is accessed in the WISECP, you will never be able to do this. Of course, you need to find the database login information first.
Out of curiosity, what about plugins integration for domain registration including namesilo, enom, namecheap… etc etc are available?
This starts to get more and more interesting.
Soon the new API integrations will come. We’re working on it.
You haven’t seen anything yet
Ehh. This has to be symmetric encryption, e.g. the encryption key has to be stored somewhere, as one does need the plaintext credentials anyway.
I wouldn’t call the access information being encrypted, more like simply obfuscated. It’s just a matter of reversing the algorithm and finding the encrypt/decrypt key.
The db access informations is protected by an encryption key. Part of the encryption keys is generated as "private " for each WISECP user, and the other part is protected by encrypting it with ioncube in a core-level file.
So you can understand how safe and powerful WISECP is protected.
So the key is generated and obviously stored in plaintext somewhere.
I just need to reverse engineer the encryption algorithm. Which shouldn’t be that hard, nothing a debugger can’t help with. While ionCube attempts to obfuscate the code as much as possible, it’s certainly not unbreakable - and you can obviously do lower level stuff like memory analysis to figure it out.
Don’t get me wrong, from what I see you made a pretty cool product. Thr security researcher in me just can’t resist.
I love to see some in depth posts
I understand, but you need to find the encrypted piece of Ioncube to obtain the encryption key. You can’t decode the key without this. Or you can’t change the encryption method in some way. The debugger will not be much help. In addition, all ioncube files are encrypted with a special method. I mean, it’s not that easy to decode.
Apart from all this, you have to deal with such difficulties, even to find database information only. Even if you reach the database, more difficult steps await you in order to read the data and set up authorization, such as a user or administrator. Think about it.
For example When you access the WHMCS database, you can change the admin email address with a different email and receive a password reset message. But this is not possible in the WISECP.
Thank you for your interest.
Arrangements have been made for license types and prices.
You can click on the link below for detailed information about the license prices.
Just curious since this is the first time I laid eyes on your pricing page. With the lifetime package, is support included as part of the lifetime deal? Or would there be some ‘support subscription’ that needs renewed yearly?
If lifetime support comes with the package, then I’d suggest to highlight the fact on the pricing page, as that is incredible! And if not, then add an asterisk or something to point out that ongoing support needs a subscription.
At the end of 1 year, there may be an update fee of around $100 for updates with add-ons, modules and additional features. This will not be above average.
In addition, you will continue to receive lifetime “free” updates with security-related and small-scale features and systemic improvements.
In fact, this license is written in the "frequently asked questions " section at the bottom of the fees page. But with your suggestion, we will update it more clearly.
Please see: http://prntscr.com/mbl3q9