238 comments found.
I’m trying to access the support website, and I’m encountering the following error:
{ “error”: “The HTTP method and path you requested is invalid. Please check the API documentation at https://build.envato.com/api/ and ensure that you’re using a valid path with the correct method.”, “reason”: “not-found” }
can you try again ?
wonderfull script but missing a fully android app , is it plan ?
Can we purchase an extended license and use it on unlimited domains?
Hi, each license is valid for one domain only. If you want to use it for multiple domains, please contact me for a special price.
I changed my domain and try to active my license, but I cannot deactive the license by sending ticket because the service is expired. please help to reset it.
I finally deactive the domain by myself. Don’t need help now. Thanks.
Please send me an email if you want to reset your license
i am waiting for ticked support from 2 weeks ago on September 23, 2025 at 12:10pm
Not sure what the issue is that you need support. We have already answered all questions in our support page
please deactive domain. i need to reactivate.ticket is also sent
Hi, I have to reset my license as domain has changed. I have sent an email can you please check. Thanks
We have a problem in bing search engine “Many pages with duplicate titles”
mydomain.com/public/xxxxxx mydomain.com/xxxxxx
We have Disallow: /public/ in robots.txt but not work So how can we Disallow the url from bing
How can we make /public/ to a friendly url ? or what can we write in .htaccess file ?
You can point your domain to public folder. Please send us a support ticket https://thesky9.ticksy.com/
Hi, all sliders are static, how can you make it auto-slide?
It’s an auto slide, not static
Subject: Critical Security Vulnerability Report: Malicious Code in “UltraNews – Laravel System” Leading to Domain Hijacking
To the Development Team of UltraNews,
I am writing to report a critical security vulnerability discovered in your product, “UltraNews – Laravel Newspaper, Blog Multilingual System with support AI Writer, Content Generator,” which appeared immediately after an update to a newer version.
My website, my-website.com, was built using this system. After performing a routine update, I discovered that my entire site was being compromised by malicious code embedded within the new source. This code systematically replaced my legitimate domain with an unauthorized third-party domain: https://checkip.online.
Vulnerability Description:
The core issue is that the updated version of the software appears to contain malicious scripts. These scripts perform an aggressive “search and replace” operation across the entire application, hardcoding the attacker’s domain (https://checkip.online) into all critical paths, including core configuration, static assets, and the database.
Evidence and Impact:
Hardcoded URLs: Every generated URL within my website’s source code—including asset paths (CSS, JS, fonts), internal links, and canonical URLs—was pointing to https://checkip.online instead of my own domain.
Database Infection: The malicious script actively created and modified entries in my database. Specifically, tables such as request_logs were populated with thousands of records containing URLs from the https://checkip.online domain.
Framework-Level Infection: The attack penetrated the framework core, altering dynamic data in real-time. For instance, session files located in storage/framework/sessions were being written with the attacker’s domain, hijacking user sessions as they were created.
Complete Site Hijacking: Because all links, resources, and even dynamic sessions were pointing to the malicious domain, my website effectively became a mirror of https://checkip.online, leading to a complete loss of control over my site’s identity.
Severe SEO Penalties: As a direct result, Google Search Console flagged my website for “Duplicate content: Google chose a different canonical URL than the user.” Google correctly identified that my content was duplicated but incorrectly chose the attacker’s domain as the original source, causing my legitimate domain to be de-indexed and severely damaging my search rankings.
Conclusion:
This is a sophisticated attack that infects the site at a fundamental level. The fact that this vulnerability surfaced immediately after an official update raises serious concerns about the integrity of the update package or the new version itself. This suggests a potential supply chain attack or a compromised development environment.
I strongly urge you to conduct an immediate and thorough audit of your official source code, repositories, and update packages to identify and remove this malicious code. Please also consider issuing a security warning to all your customers about this potential threat. This vulnerability is causing significant financial and reputational damage to your users.
Thank you for your attention to this critical matter.
Sincerely, A concerned user.
Thank you for your report. We would like to clarify that the official UltraNews source code and update packages are safe. The update function does not contain any mechanism that can inject or replace domains.
From the symptoms you described, it is more likely that your server environment has been compromised (e.g., through weak credentials, outdated software, or misconfigurations), rather than the UltraNews update itself.
We recommend performing a full server security audit, restoring files from a clean UltraNews package, and updating all credentials.
My domain name has been deleted. I’m typing a new domain name, but it’s not being accepted. Please reset my domain name.
Please send us an email or create a ticket for support at https://thesky9.ticksy.com/
I send email to thesky9.com@gmail.com because support for this Envato Market purchase code has expired. cannot apply on your web. I want to reset domain
I did not get any email from you for reset email
site: https:// cybersecurity.name
My domain name has been deleted. (https://cybersecurity.name) I’m typing a new domain name, but it’s not being accepted. Please reset my domain name.
Please send me an email with your license key please
Send e-mail adrsss ahm*31@gmail.com
Your license was reset please try again
Hi, Post sales ? – We r currently setting up the OpenAI integration in the settings for the AI Writer feature. I have already entered my OpenAI API key, and I am 100% sure that the key is correct. However, whenever I try to generate content using the AI Writer, I consistently receive the following error:
Service OpenAI Temporarily Unavailable. Please try again later. Incorrect API key provided: sk-proj-**PY0i. You can find your API key at https://platform.openai.com/account/api-keys.
I’ve double-checked the key on my OpenAI account and confirmed it is active. The format looks like this: sk-proj-xxxx… (newer OpenAI project-based keys).
Can you please confirm if the script supports the latest OpenAI API keys (sk-proj-) or if I need to use a different type of key? If so, kindly advise how to properly configure the system to accept the correct key. Thank you for your assistance.
I there a theme that is dark by default?
Before buying I didn’t pay attention that the author’s last comment was 2 months ago. Does anyone know if support is still available?
Hi, if you have any issue/concern please submit a ticket to pủ support page https://thesky9.ticksy.com/
Please help. Debug mode is not working and there is no laravel.log file. Are these the issues or is it supposed to be like that?
Please ignore my comment. It works
Hello, I would like to know if it is possible to change the background colors of the pages and blocks, for example change the color of the menu block? If so, can you tell us where to do it please?
I changed my domain address but it does not accept the license key I bought in the past. My support period is over but I cannot install and reset it.
I saw your email and reset your license. Please check your email
License is already active on maximum allowed product instances, please deactivate this license from active instance(s) and try again! I get the error, I think the license was not reset
Your license was reset please try again
Hi, I have a legal license for the script, but it’s currently broken due to a license verification issue. The validator fails with a cURL error 6: Could not resolve host: license.thesky9.com, which is causing a 500 error on my site. Please provide an urgent fix or alternative method to validate the license. This is affecting production. Thank you.
The license site is back now. And it should work good now
please help to reset the license, i been using on the same domain, now it wont allow me to reinstall the code on the same domain,
also i cant login to license reset portal.
Have you reset the license yet? If it still doesn’t work, we will reset it for you.
Hi, I just bought this script and it wont upload images, it says The uploaded file failed to upload. wha to do?
Also when I try to change Home name it says CSRF token mismatch. All those up when I do to demo that you added it upload good, now on my admon panel it wont do.
I try ti upload images, media it wont work, I try ti change names it wont work. The author know about this we have spoken and I told him if he will not fiks I will ask for return or refund. I have gave my login details to see. I will prooceed to refund.
We have already made efforts to assist the customer with the image upload issue. However, the root cause has been identified as a problem on the customer’s server. We are prepared to offer a refund as a resolution.
OK, thanks for now I need a refund untill I find a solution. thanks
