Client Area for my MOFH Reseller

[DCG Network]

EDIT: Fixed my issue with LOGGED, so I'll stick with that for now  

 

 

 

Hi,

I'm looking to use a client area for my MOFH Reseller.

Are there any good ones out there that are secure?

If there isn't, could someone recommend me a good Login/Signup page? I've tried LOGGED but I'm getting a "posting error" when redirected to the iFastNet page...
 

Thanks in advance. 

 

Edited April 4, 2022 by DCG Network

[DCG Network]

I've seen MOFHY, but the creators page on GitHub states that "It isn't secure"

 

[MeTooIDK]

35 minutes ago, DCG Network said:

I've seen MOFHY, but the creators page on GitHub states that "It isn't secure"

 

yep,Because MOFHY Can XSS Injection.And MySQL Injection

XSS Is not really important(i think . it just destroy Your Admin Panel.You Can Remove Account On PMA

but MySQL Injection ,it could delete your all Accounts.it can access,modify,delete your MySQL Database

MOFHY Can prevent MySQL Injection. but cant fully prevent MySQL Injection.

And Lot Of Security Problem..I GUess?

anyway you still can use it,u can use it If You can fix

if u cant fix,you still can use!Just becareful! 

Edited April 4, 2022 by MeTooIDK

[MeTooIDK]

40 minutes ago, DCG Network said:

Hi,

I'm looking to use a client area for my MOFH Reseller.

Are there any good ones out there that are secure?

If there isn't, could someone recommend me a good Login/Signup page? I've tried LOGGED but I'm getting a "posting error" when redirected to the iFastNet page...
 

Thanks in advance. 

 

Logged,You Can Ask PlanetTheCloud to resolve it

there is PDN Discord Server https://discord.com/invite/mmEWpnwB8D

---

 

Edited April 4, 2022 by MeTooIDK

[Dimitris]

Hello, 

Unfortunately there isn't any other client area for MOFH available at this moment. You can either use mofhy and patch the security issues yourself or create your own custom client area using the API (docs: https://api.myownfreehost.net/)

Project Logged is the best currently out there for a login-signup page (at least I'm not aware of something else). You can enable the debug mode and share here the errors and how it's happening so maybe we can help resolve the issue you got.

[DCG Network]

20 minutes ago, Dimitris said:

Hello, 

Unfortunately there isn't any other client area for MOFH available at this moment. You can either use mofhy and patch the security issues yourself or create your own custom client area using the API (docs: https://api.myownfreehost.net/)

Project Logged is the best currently out there for a login-signup page (at least I'm not aware of something else). You can enable the debug mode and share here the errors and how it's happening so maybe we can help resolve the issue you got.

No problem, will enable the Debug mode and share results here.

 

[MS-DOS]

Hello,
There is also boxbilling which is good and compatible with MOFH.

Edited April 4, 2022 by MS-DOS

[DCG Network]

Hi, this is the error I'm receiving when signing up.

I've enabled debug mode, but nothing seems to have changed. 

 

Posting Error, #923578257 (https://auth.hostbydcg.cf/ , auth.hostbydcg.cf), Please contact support

 

[DCG Network]

7 minutes ago, MS-DOS said:

Hello,
There is also boxbilling which is good and compatible with MOFH.

Will try that just now, thanks  

[DCG Network]

35 minutes ago, MS-DOS said:

Hello,
There is also boxbilling which is good and compatible with MOFH.

Getting constant 500 internal server error lol

[DCG Network]

I'll just stick with logged.

 

[DCG Network]

Hi, 

First of all, I've given up on BoxBilling!

This is the error I'm getting with LOGGED, after being redirected to the iFastNet signup page (ifastnet.com/register2.php)

Posting Error, #923578257 (https://auth.hostbydcg.cf/ , auth.hostbydcg.cf), Please contact support

 

 

[DCG Network]

Got it working!

[qwe]

On 4/4/2022 at 3:32 AM, MeTooIDK said:

You Can Remove Account On PMA

Can you say more about this?

 

On 4/4/2022 at 3:32 AM, MeTooIDK said:

but MySQL Injection ,it could delete your all Accounts.it can access,modify,delete your MySQL Database

MOFHY Can prevent MySQL Injection. but cant fully prevent MySQL Injection.

And Lot Of Security Problem..I GUess?

Can someone say more about this?

[Mahtab Hassan]

On 4/11/2022 at 9:21 AM, qwe said:

Can you say more about this?

 

Can someone say more about this?

well mofhy is not secure because it cannot prevent XSS attacks and SQL Injections which can harm your database

[mathew78]

Hellow, we have a hosting website anyone can help us to create signup and cliend area for users if yes then email me, OUR WEBSITE IS www.blmhost.com 

#PAID TASK

[Mahtab Hassan]

On 4/20/2022 at 9:32 PM, mathew78 said:

Hellow, we have a hosting website anyone can help us to create signup and cliend area for users if yes then email me, OUR WEBSITE IS www.blmhost.com 

#PAID TASK

Email please? 

[TinkerMan]

Remember that the mods remove email addresses. @ma7euser, I sent you a PM.

[Lordson]

I found something at https://getmofhy.eu.org/  website that says MOFHY Lite is secure, is this updated information or MOFHY is still insecure?

Is MOFHY Lite really secure?

Yes, MOFHY Lite is secured from SQL attacks, CSFR attacks and JavaScript snippets.

[TinkerMan]

No, MOFHY is still insecure. I just checked it again after you posted that,  and every version of MOFHY on GitHub has the same vulnerability in the Admin area. 
 

Some versions have tried to cover it up, but failed. It is still explotable is the same way it was before. 

[Lordson]

6 hours ago, TinkerMan said:

No, MOFHY is still insecure. I just checked it again after you posted that,  and every version of MOFHY on GitHub has the same vulnerability in the Admin area. 
 

Some versions have tried to cover it up, but failed. It is still explotable is the same way it was before. 

Thank for responding.

[User51]

6 hours ago, TinkerMan said:

same vulnerability in the Admin area. 

You can use directory privacy to prevent access to the admin area.

---

Also, there is a new client area called "Xera", which seems promising. The security vulnerabilities seem to have been patched, although we are still searching for them.

There is an active forum for it at fourm.xera.eu.org

Edited August 2, 2022 by User51

[TinkerMan]

11 hours ago, User51 said:

You can use directory privacy to prevent access to the admin area.

Correct, but it is very easy to brute force that. As long as you chose and obscure username and password it will be fine. But client accounts will be just as vulnerable, and you cannot directory privacy that without the username and password being public. 
 

I do like where xera is going, although I have not kept as close of an eye on it since it is a bit more complicated. Hopefully it will be deemed good for release in a year or two!

[Lordson]

Hello, I have just installed another MOFHY Lite that look completely different from the one I installed first. The interface looks exactly like that of infinityfree clientarea. Can someone check if this version is improved and secure? I don't know how to check if it's secure or not. Clientarea address https://hosting.sonafree.com/ 

[User51]

There's only one MOFHY?

It most likely is just a customized MOFHY. May I ask, where did you download this from?

3 hours ago, TinkerMan said:

I do like where xera is going, although I have not kept as close of an eye on it since it is a bit more complicated. Hopefully it will be deemed good for release in a year or two!

It's not that bad once you figure out how the files are organized. I'd reccommend trying Xera @Lordson, it's in better shape than MOPHY is

Edited August 2, 2022 by User51