How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS

Rate Limit Email Verification Emails

  • Pulkit Lawas shared this idea 2 years ago
  • Email
  • 5 Comments


A client of mine entered the wrong email while registering on our website. He requested email verification five times straight. Because his email didn't exist, the email failed to deliver. Because of that, our hosting provider issued a temporary ban as emails were going from our account to non-existing emails. I researched and found out that WHMCS does not limit the number of time verification emails or any other email sent in a given timeframe. Because of that, a spammer can register on a WHMCS website and request verification emails multiple times, and he can block the server IP from sending any type of email. The whole hosting account can get banned from sending emails due to the absence of this critical functionality.

How can you verify this?
Register as a client on your website where you use WHMCS and enter the wrong email. The verification link won't arrive. You can keep on resending the verification link unlimited times, and it will keep sending them emails, which will eventually keep bouncing back to you and then block ALL the emails from your hosting.

Which Functionality is to be implemented?
There should be a limit on how many times a particular user can request verification emails or any other type of activity where an email is sent in a given time frame. For example - The client can request email verification or password reset only 3 times in 1 hour or something similar.

5 Comments

Login to post a comment.

Healthy competition in gaming https://classroom6xgame.github.io/ encourages players to improve themselves, which can translate into a positive drive in real life.
Escape Road is an exhilarating driving game where you must evade relentless police chases and navigate through challenging obstacles. Your ultimate goal is to survive as long as possible while racking up points! https://escaperoad.app/
A while ago, I also forgot my email address on the website https://uno-online.io and entered it wrong many times until the error blocked that email. I also did not know how to do it so I had to give up that email. But I was very sorry because it still contained a lot of my information
I am having the issue where we are receiving 10 to 30 fake account created a day. Where there is no email verification my servers are repeatedly sending out email to nonexistent email addresses.

We need to have email verification required on signup!!!
this is very bad im whmcs , I just noticed huge amounts of spam emails using this , user just keep pressing on botton thouthand times,

trid to solve this using hooks , it's looks like this is not possible