Feature Requests
Share ideas, discuss and vote on requests from other users in community
This object is in archive! 

Option to Close Account Auto

freemind shared this idea 5 years ago
Under Consideration

Option to Close Account Auto if orders mark Fraud. client prohibited to access his/her account to secure portal as there is lot of hack attempt after fake order and access to portal

Comments (4)


I, too, would very much like to see this. We keep WHMCS updated and so hacking attempts are kept at bay by secured code (so says WHMCS staff). That said, I'd like to take more precautions. This feature request would accomplish this by ensuring that when there are signs of something fishy (fraud order) additional fishy things can't occur (the client that submit the fraudulent order can't attempt to hack my WHMCS installation).


This is needed! If the order is marked fraud and no other active products/services exist under that client the client's account should be closed and the client booted from the clientarea.

The problem we've been seeing is that they don't give up after a order is marked fraud, they will just order again and again. This makes a mess of the system and adds records to the DB that are not needed.


I wrote this hook to take care of this. Enjoy! Note that it's configured to work with MaxMind. Feel free to modify for other fraud modules, but note that the array of order/fraud data may be differently structured.

Be sure to set $adminUsername to an actual admin user in WHMCS.

If you wish to send the user an email about the order being fraudulent, you'll also need to create an email template called "Order Fraudulent". It could say something like "Hey your order was found to be fraudulent... here's what you can do to get your account set up..."

    1. add_hook('AfterFraudCheck', 2, function($vars){
    2. $threshold = (int) Capsule::table('tblfraud')->where('setting', 'MaxMind Fraud Risk Score')->value('value');
    3. $score = (int) $vars[0]['fraudresults']['riskScore'];
    4. if ( $score > $threshold ){
    5. $adminUsername = 'admin';
    6. $clientID = $vars[0]['clientdetails']['id'];
    7. $results = localAPI('SendEmail',
    8. array(
    9. 'messagename' => 'Order Fraudulent',
    10. 'id' => $clientID,
    11. ),
    12. $adminUsername
    13. );
    14. $results = localAPI('CloseClient', array('clientid' => $clientID), $adminUsername);
    15. }
    16. });


    I've written a hook to improve the password strength for Plesk because it's necessary for automation of provisioning when you've set Plesk to "Very Strong" Password mode. You can feel free to modify it to work with any module!