ICANN Rule Updates - Compliance Using WHMCS
Your domain registrar may have contacted you recently regarding ICANN's new Expired Registration Recovery Policy (ERRP). This policy aims to ensures that domain sellers provide all the information customers need when making the decision to buy and are sufficiently informed about the expiry of their domains.
Fortunately WHMCS makes complying with these new policies easy, so let's go over the main points
- Registrars must ensure that at least 2 mandatory expiration reminders are sent to the Registrant at Expiry (RAE), approximately a month before, and a week before the expiration of a domain name. Additionally, at least one more reminder must be sent to the RAE within 5 days of domain expiration.
In your WHMCS admin area navigate to the Setup > Automation Settings page and set the 'First Renewal Notice' setting to 30. Then set the 'Second Renewal Notice' setting to 7.
To send a reminder email after the domain has expired, tick the 'Payment Reminder Emails' option and then set the 'First Overdue Reminder' setting to 5.
- The renewal fee and restoration fee have to be made available to the Registrant at the time of domain registration. These fees have to be updated on the Reseller's websites and a URL of the same has to be included in the registration agreement.
The WHMCS order form and domain checker page display the domain renewal price as standard, so no action is required on your part. However WHMCS does not deal with domain restorations so you will need to take steps to ensure clients are made aware of them. An easy way to manage this is to add an extra point to your Terms of Service web page, then enter the URL under Setup > General Settings > Ordering tab.
- The communication channel to be used for notifications must be displayed on the Reseller's website and a link for the same has to be included in the registration agreement.
To address points 2 & 3, if the following text was added to your terms webpage, that should provide sufficient compliance:
- If you are registering or transferring a domain name you must also agree to the Domain Name Registration Agreement.
- Domains shall be renewed at the same price as new registrations. The current pricing is displayed on our website.
- Domain renewal reminders will be sent in advance of expiration via email to the address stored in your client area.
- Should an expired domain enter the redemption period, the cost of restoring the domain shall be no more than $xxx.
To save having to keep a copy of your domain registrar's registration agreement on your own website and keep it updated, you can link to it directly. This can be found on your registrar's website, for users with registrar accounts provided by us can use the following:
eNom: http://www.enom.com/terms/agreement.aspx
ResellerClub: http://freeaccount.supersite2.myorderbox.com/support/legal.php?requestfor=registraragreement&from=agree_page
Finally, replace $xxx with the highest price you have set for domain redemption at your registrar.
These few simple steps should ensure you meet the minimum requirements of these new rules when selling domain names using WHMCS. You can of course go further and send up to five domain renewal reminders (as opposed to the mandated two). It's also possible to specify the length of the grace period of different TLDs, this will prevent clients from placing a regular renewal order once their domain has entered redemption, this is detailed in our Domains Configuration documentation.
Posted by WHMCS John on Thursday, September 19th, 2013
Nominet Module Update
WHMCS is releasing an updated version of the Nominet Domain Registration module released July 22, 2013 to resolve one deficiency (Case Number 2941).
Who is affected?
Anyone using Nominet to register domain names on behalf of a registered UK Limited, or Public Limited company.
What version is this for?
This module is compatible with WHMCS Version 4.5 and later.
How do I upgrade my module?
Download the updated Nominet module from the link below and upload the files contained within the zip file to the /modules/registrars/nominet/ folder of your WHMCS installation. No other changes are necessary, and all previous configuration will transition automatically to the new module.
Do I need to update to the July 22nd, and then this?
No, this is a full module update. Performing the above noted upgrade steps will resolve all open issues with the Nominet module.
Download Link
http://go.whmcs.com/202/NominetAPIUpdate9Aug2013
Posted by WHMCS Chris on Friday, August 9th, 2013
5.2, 5.1, & 5.0 Maintenance and LTS Releases
We have published three new maintenance updates to address issues identified in the security releases made earlier this week on July 23rd, 2013.
These apply to the 5.0, 5.1, and 5.2 series and we recommend updating at your earliest convenience.
We would like to thank all of our customers who have been working with our Technical Analysts over the last two days. Their informative feedback through our ticket system has been exceptionally valuable.
The latest releases of WHMCS are available inside the Client Area at https://www.whmcs.com/members
Releases
v5.2.7 (Full Version) - Available within the WHMCS Client area
- Applicable for new installs, and upgrades from any version
v5.2.7 (Incremental Update) - http://go.whmcs.com/190/v527Incremental
- Can be used to upgrade from Version 5.2.6 only
- If you are running V5.2.5, you will need to use the full version above
v5.1.9 (Incremental Update) - http://go.whmcs.com/194/v519Incremental
- Can be used to upgrade from Versions 5.1.7 and 5.1.8 only
- Includes all security updates released in Version 5.1.8
v5.0.8 (incremental Update) - http://go.whmcs.com/198/v508Incremental
- Can be used to upgrade from Versions 5.0.6 and 5.0.7 only
- Includes all security updates released in Version 5.0.7
How to Upgrade
If you are running one of the specific version numbers listed above, then you can use the appropriate incremental update package to apply just the new and changed files. After uploading the files, you will need to run the installer as usual to upgrade your database, and then you're done.
If you are running any other version, you will need to perform a full upgrade using the full-version release. You can download the latest full release from our client area @ www.whmcs.com/members and then simply need to follow the regular upgrade instructions which can be found @ http://docs.whmcs.com/Upgrading#Performing_an_Upgrade
For a complete list of cases resolved in these releases, please refer to our changelogs: http://changelog.whmcs.com
Posted by Matt on Friday, July 26th, 2013
5.2.6.4 Build Update
Following the publication of a security advisory today [ http://blog.whmcs.com/?t=76310 ] we have identified two deficiencies in our build automation for the 5.2.6 build 3 package.
v5.2.6 build 4 addresses the below issues:
Ship decoded ./crons/config.php
Remove langupdate.php throughout.
The updated build contains no code or functionality changes.
Note: If you have either /lang/langupdate.php or /admin/lang/adminlangupdate.php present in your installation we recommend removing them.
Posted by WHMCS Chris on Wednesday, July 24th, 2013
WHMCS Security Advisory for 4.x and 5.x
WHMCS has released new patches for the 4.5, 5.0, 5.1, and 5.2 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.
WHMCS has rated these updates as including critical or important security impacts. Information on security ratings is available at http://docs.whmcs.com/Security_Levels.
Releases
The following full-release versions of WHMCS have been published and address all known vulnerabilities:
5.2.6
The latest public releases of WHMCS are available inside our members area at https://www.whmcs.com/members/clientarea.php
PLEASE NOTE: The 4.5 series reached End Of Life as of June 30th 2013. WHMCS is aware that some customers have not moved to an LTS version due to the newness of the LTS policy. The related 4.5 patch release published along with this Security Advisory is provided as a courtesy to those customers. From this point forward, there will be no more patches provided for 4.5 or any other release that has reached EOL.
Security Issue Information
The resolved security issues were identified and reported by
Vlad C. of NetSec Interactive Solutions http://safeornot.net
Rack911 https://www.rack911.com
FastVPS Eesti OU http://fastvps.ru
WHMCS development team.
There is no reason to believe that these vulnerabilities are known to the public. As such, WHMCS will only release limited information regarding the vulnerabilities at this time.
Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issue.
These Targeted Security Releases and Patches address 9 vulnerabilities in WHMCS versions 4.5, 5.0, .5.1, and 5.2.
Mitigation
WHMCS Version 4.5
Download and apply the appropriate patch files to protect against these vulnerabilities.
Patch files for affected versions of the 4.5 series are located on the WHMCS site as itemized below.
v4.5.6 (patch only; for 4.5.5) - http://go.whmcs.com/174/v456patch
To apply a patch, download the files as indicated above. Next follow the regular upgrade instructions which can be found at http://docs.whmcs.com/Upgrading#Performing_an_Upgrade.
WHMCS Version 5.x
Download and apply the appropriate full-version or patch of WHMCS to protect against these vulnerabilities.
Patch files for affected version 5.x are located on the WHMCS site as itemized below. A full-version of 5.2.6 is located in the WHMCS member's area download section, under your license details.
v5.0.7 (patch only; for 5.0.6) - http://go.whmcs.com/178/v507patch
v5.1.8 (patch only; for 5.1.7) - http://go.whmcs.com/182/v518patch
v5.2.6 (full-version) - Available in the members area
To apply a patch or full-version release, download the files as indicated above. Next follow the regular upgrade instructions which can be found at http://docs.whmcs.com/Upgrading#Performing_an_Upgrade.
*This Security Advisory is in the process of being emailed to all active license holders.*
Posted by WHMCS David on Wednesday, July 24th, 2013
RSS Feed