YOU ARE HERE: HOMEAcunetix user received exceed user count notice for over or abuse existing license notice

Acunetix user received exceed user count notice for over or abuse existing license notice

This post is prepare for the existing customer who receiving above notice. The original post is below, already censored out important information and make it applicable for all the customer in more universal way.

Background Information

Acunetix web vulnerability scanner from v11 to v12 (over 1 year now), include also one of the fundamental change, ie licensing by “target”. Customer need to licensing accordingly to how many “target”(this is Acunetix term to describe it. It the market is more well known as FQDN (ie fully qualified domain name), do not confuse will web url or domain or subdomain, as you will end up in trouble).

E-SPIN being organize lot of license change announcement during the time for license change from v11 to v12 to all customer who attend the event, as well as provide extensive document and note for customers who are no attend the technology update session in those time).

Just in case and one more time, Acunetix v12 onward is licensing by “target”. It compile from borrowing official “target” definition from Acunetix website. If you notice different, please follow what you saw in Acunetix website, they must be make change again, after this post is writing.

A “Target” is a web site, web application, server or network device that you would like to scan for security vulnerabilities using Acunetix. For licensing purposes, the following rules apply:

  1. Localhost and 127.0.0.1 consume 1 Target
  2. Domain.com and www.domain.com count as 1 Target
  3. Https and http count as 1 Target
  4. Sub-domains are different targets (e.g. www.domain.com and www2.domain.com consume 2 Targets)
  5. Different URLs in same domain count as 1 Target e.g. www.domain.com and www.domain.com/blog
  6. Different ports on the same address counts as 1 Target e.g. www.domain.com:8080 and www.domain.com:8888
  7. Acunetix own test sites do not consume any targets.The above applies to both Acunetix On Premise and Acunetix Online edition.

Another related term you will come across is “Free scan target”

A “Free Scan Target” is a network server or device that can be configured in Acunetix Online and which can be scanned for network vulnerabilities (E-SPIN remark: that is actually make use of open source OpenVAS to provide that service, do not confuse it with Acunetix own web vulnerability scanner scanning).

During the trial, Acunetix Online users can configure up to 3 scan targets to test Acunetix. These Scan Targets will be automatically converted to Free Scan Targets after the Acunetix Online trial expires. These scan targets will not expire.

Acunetix Online customers can configure up to their license limit as FREE Scan Targets, essentially doubling their scan target quota. For example, a customer that has a 10 Target license can configure an extra 10 FREE Network Targets, in addition to the 10 Targets allowed by the license.

NOTE: Only fully verified Acunetix Online accounts can request Network scans on their perimeter servers. More information can be found in the “Verifying Scan Target Ownership” section in the Configuring Scan Targets documentation.

Some other important information, in case you are missing include: (compile from Acunetix website)

  • You cannot delete a Target once it has been scanned. (another good way for your quick understanding it is “fixed” target for your whole duration of subscription)
  • When you renew your subscription, you can alter the Targets that have not been scanned.
  • Is the Target responsive? Your can try using a browser from the same machine as Acunetix to access the site. If you are using Acunetix Online, you should ensure that scanners.acunetix.com is allowed to connect to the site. (Same as well for on premise Acunetix scanner make sure in your network security device whitelist for access).

Quick advise

For customer who “exceed license count” in general, you need to immediate acting on the situation, by removing “exceed” target to make yourself “within” what you license for.

Another thumb of rules is focus on website you really want to scan for whole subscription period. If your case have lot of ad hoc scanning required, then feel free to contact E-SPIN and discuss with E-SPIN for help you secure and application for special “consultant edition” or you really need to consider alternative offering that offer “single install unlimited scan” web vulnerability scanner, feel free to talk to E-SPIN to understand your requirement.