WHMCS Cron Script Workaround (Ioncube Loader)

Written by h4xx0r on . Posted in Fixes, Tutorials

Just another hectic morning for me. Almost a month after starting to use WHMCS, I discover that my cron jobs have not been working and therefore there has been no backup made in the past 30 days.

I immediately open up the Admin Panel and head towards ‘Automation Settings’.
There will be 2 command lines you will see for cron jobs. I have pasted a screenshot below.

ss-(2013-07-27-at-12.13

So I open up putty, get inside my webhost, and try executing the cron script for which I am greeted with the following error:
ss (2013-07-27 at 12.17.10)

(Text Version)
…..requires the ionCube PHP Loader ioncube_loader_lin_5.3.so to be installed by the website operator. If you are the website operator please use the ionCube Loader Wizard…..

For most, the solution would be adding:
zend_extension = /home/yourdomain.com/xxxpath/ioncube/ioncube_loader_lin.so

To the first line of the /etc/php.ini

But for those whom life doesn’t take easy, the problem will not be this. After hours of googling and spending human brain, turns out the weird solution to this error is placing the ioncube loader .so file under /usr/lib/ioncube (as shown in the documentation) and then setting the relative path in the first line of the php.ini file. The reason can be stupid and reasonable both, but I will not focus on that for now.

For those who do not have root access to their webhost, or in other words, do not host their sites on VPS/Dedicated Servers, will have to use the workaround; Which is using the 2nd command line that was shown in the first screenshot of the post.

ie. GET http://yourwebsite.com/path-to-cron-file/cron.php

Just copy/paste the line (as it is) under the cPanel Cron Jobs module and you’re good to do. If you have ioncube loader installed, and are still facing the error with the first command line, this is just the fix.

Liberty Reserve A Scam? Owners Arrested

Written by h4xx0r on . Posted in News

Liberty Reserve aka LR. In other words, the most popular digital currency used widely in blackmarkets, credit card fraud, tax evading payments, illegal deals. Whatever, it was the best currency if you were to receive money from someone and wanted to be sure he couldn’t chargeback that money (just like stupid paypal would). Founded in 2002, and after a long 11 year period. Here we are with their website down since the past 24 Hours. Usually it would go down regularly around 10 times in a month and the planned downtime would be mentioned in their blog (http://blog.libertyreserve.com) before hand to let people know how long were they going down for and when they would be up, But this time. It has slammed the internet economy by going down for over 20 hours. Money is stuck, so are some deals that are to be made by some very important names in the blackhat circle.

Here is a duplicate copy of the news pasted on www.ticotimes.com

Costa Rican authorities raided suspect´s home and offices in San José and Heredia.

Arthur Budovsky Belanchuk, 39, on Friday was arrested in Spain as part of a money laundering investigation performed jointly by police agencies in the United States and Costa Rica.

Costa Rican prosecutor José Pablo González said Budovsky, a Costa Rican citizen of Ukrainian origin, has been under investigation since 2011 for money laundering using a company he created in the country called Liberty Reserve.

Local investigations began after a request from a prosecutor’s office in New York. On Friday, San José prosecutors conducted raids in Budovsky’s house and offices in Escazá, Santa Ana, southwest of San José, and in the province of Heredia, north of the capital.

Budovsky’s businesses in Costa Rica apparently were financed by using money from child Indecency websites and drug trafficking.

New York conviction
According to records from the U.S. Justice Department, on July 27, 2006, Budovsky and a partner identified as Vladimir Kats were indicted by the state of New York on charges of operating an illegal financial business, GoldAge Inc., from their Brooklyn apartments.

They had transmitted at least $30 million to digital currency accounts worldwide since beginning operations in 2002.

The digital currency exchange, GoldAge, received and transmitted $4 million between Jan. 1, 2006, and June 30, 2006, as part of the money laundering scheme.

Customers opened online GoldAge accounts with limited documentation of identity, then GoldAge purchased digital gold currency through those accounts; the defendants’ fees sometimes exceeded $100,000.

Customers could choose their method of payment to GoldAge: wire remittances, cash deposits, postal money orders or checks.

Finally, the customers could withdraw the money by requesting wire transfers to accounts anywhere in the world or by having checks sent to any identified individual.

Budovsky and Kats were sentenced to five years in prison for engaging in the business of transmitting money without a license, a felony violation of state banking law, but got probation.

———————————-
Turns out Liberty Reserve was being run without a valid e-Currency License, and fooling customers over the past 11 years. About their website, it’s name servers are now pointing towards:
ns1.sinkhole.shadowserver.org
ns2.sinkhole.shadowserver.org

As is clear from this link – http://who.is/whois/libertyreserve.com

Shadowserver as quoted from Wikipedia is:
A volunteer group of professional Internet security workers that gathers, tracks and reports on malware, botnet activity and electronic fraud. It aims to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious attackers and the spread of malware.

Shadowserver is famous for taking over compromised or infected websites. Consider shadowserver a team of whitehats working to clean the internet, now they wouldn’t take down a Payment System for no reason? Or would they?
———————————-

A Quote from a new source – EHackingNews

Jonathan Capistrano who contacted LR about the status of peoples funds was told that they will not be closing down but are taking a break and that LR will be back “new and better” and finally said that funds will stay there , with no reduction or increase in value.

———————————-

Let’s keep our fingers crossed and see what happens. If LR goes down, Things will change, and by things, I mean a lot of them.

I will keep you updated on this.
——————–

UPDATE: LR is officially dead.
Goodbye

Why You Shouldn’t Rely On Speedtest.net

Written by h4xx0r on . Posted in Off-Topic

Who doesn’t like free internet? Specially when it’s a WiFi with a good signal strength. If you’re tech freak like me, the first thing you’d probably do is go to speedtest.net and checkout the download/upload speeds. Well, without wasting much time, I’m here to tell you that those results aren’t true, atleast when you’re having high-speed access.

While upto 100MB/s connections might show up to be accurate on their website, connections above 100MB/s are pretty doubtful. I have done some research and I will propose 2 reasons for the mismatch and inaccuracy of these speed results.
1. High Latency/Ping
2. High Traffic/Load on Speedtest.net Servers

Speedtest uses multiple servers in a location to run speedtests for it’s users and as far as I have observed, there are only few locations that support a 10 gigabit port. For those who don’t know, a 10 gigabit port means you can max out the internet speed to 10 Gbps which is pretty much rare.

Now I happen to own a dedicated server that is hosted on a 10 gigabit port and as soon as I have access to it, I open up the speedtest website and run a test.

Results:

Pretty annoyed, I go to my server provider and ask them to fix it. Before I receive their reply, here is another result:

This gets me thinking they have started finding a solution to the problem already and I get a little grin on my face.

Soon enough I receive their reply and they tell me they have started the process which means the improvement in the result above wasn’t due to them fixing stuff. I get curious, but I nod and give them a green signal to proceed with it.

Next Result:

I was expecting atleast 6-8Gbps when 10Gbps was promised to me. Fed up of all this, I initiate a refund request when suddenly I remember I had to download and backup something on the server. I setup Internet Download Manager (IDM) on the server for the download and guess what? I hit 80MB/s for a single file which got me putting a few more downloads simultaneously and holy crap, I was reaching over 1.2Gbps easily.

Proof:
ss (2013-05-18 at 03.16.57)

 

Please note that MB/s > Mbps.
1MB/s = 8Mbps

Now 1.2Gb/s wasn’t what I was looking for, but it was far better than the 300Mb/s I was being showed up on the speedtest results which clearly proves those results inefficient.

The theory behind all this is that the downloads from a single link/server are capped upto a few MB/s. This is not an error or some server incapability, but a cap limit put up by the server companies and ISP’s to prevent excessive usage of their bandwidth. When you put up simultaneous downloads, you reach different servers and try to pull in maximum data from them which gives you a boost in the download if measure altogether. Torrents on the other side run on UDP ports unlike IDM which uses TCP ports, and since UDP connections guarantee better speed, running torrents simultaneously with IDM running multiple downloads already will give you the actual speed result.

Here is a direct link to a Windows 7 Copy from Microsoft which I used in the above tests to measure the speed.
http://msft.digitalrivercontent.net/win/X17-24209.iso

EDIT: I just put some torrent downloads along with IDM, and I was able to reach 4Gb/s. Pretty satisfied now.