Jump to content


Member Since 17 Feb 2018
Offline Last Active Dec 23 2018 02:13 AM

#15310 Error while trying to search an existing account

Posted by Noime on 15 November 2018 - 12:12 AM

That's a really old bug with X2. It has to do with how some GROUP-BY statements are constructed by the framework, and the problem can raise its head at all different locations.


I silenced the problem by activating some backward-compatibility-options for the mysql daemon. My mysqld.cnf for mysql-version 5.7 has the following lines in the [mysqld] section :

# this is to silence X2 group-by errors

Older mysql versions don't know "sql_mode", but instead have just "mode". In that case the line must look like this. From memory, must be tested.


#15278 secure X2 with fail2ban - anyone ?

Posted by Noime on 08 November 2018 - 01:31 AM

Thanks Peter !


No, no : I don't intend to ban on the notifications. I definitely wasn't clear on this. My two lines are meant to suppress the notification lines in the apache logs. There is, for a single user, one line per second added to the log. That's huge ! It not only bloats the log, it makes fail2ban scan loads of data that are good. I chose to suppress the line on apache-level instead of with an ignoreregex in fail2ban.


Protecting against brute force login attempts would be nice, but I don't see a 403 on wrong login. But I maybe try to hack up a new repeat-offender filter that checks for repeated login attempts.


Even better would be if one could rename the login page. If we had this, any attempt to reach index.php/site/login could be regarded as a hacking event.

#14904 GDPR Compliance (EU regulation)

Posted by Noime on 05 June 2018 - 03:11 AM

The quick answer, as far as I understand GDPR, is : No, X2CRM is not compliant.


The long answer, again to my understanding, is that companies need to be compliant.


Compliance is not a software feature, but software can make it easier or harder to comply to GDPR.


Maybe others have a different point of view, and I'd be happy to hear theirs.



#14886 Failed to Open IMAP Configuration

Posted by Noime on 25 May 2018 - 10:23 PM

For the fun, and to demonstrate what happens. I wanted to connect to wcc-tech.com, this translates to IP, but the server announced himself as 220-md-34.webhostbox.net.

Transcript: Connecting to 


Transcript: 220-md-34.webhostbox.net ESMTP Exim 4.89 #1 Sat, 26 May 2018 06:16:34 +0000 

Transcript: 220-We do not authorize the use of this system to transport unsolicited, 

Transcript: 220 and/or bulk e-mail. [5710 ms] 

#14885 Failed to Open IMAP Configuration

Posted by Noime on 25 May 2018 - 10:11 PM

You can disable the SSL verification check for the moment, emails will still be delivered over the encrypted channel.


But your problem stems from a misconfigured SSL, which is not within the hands of X2.


You want to authenticate wcc-tech.com when the associated SSL cert belongs to md-34.webhostbox.net - you may want to talk to some tech guy from your hosting company about this.


Again, this is nothing X2 can solve for you.

#14846 Error 500: serialized data

Posted by Noime on 03 May 2018 - 04:48 AM

Late to the party ...


Had exactly this same issue, turned out to be a missing php-module. mbstring in my case, which was hinted in protected/runtime/errors.log