Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Whmcs security update (2014 Aug 26th)
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Whmcs security update (2014 Aug 26th)

mikhomikho Member, Host Rep
edited August 2014 in General

Comments

  • shyaminayeshshyaminayesh Member
    edited August 2014

    yo yo ... it's time to update ?

  • wychwych Member

    Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issues.

    Well thats a step in the right direction.

  • mikhomikho Member, Host Rep

    Was in a hurry and only had time to post the link.

  • Time to change billing system.. :)

  • ub3rstarub3rstar Member
    edited August 2014

    @ZweiTiger said:
    Time to change billing system.. :)

    Time to change billing systems because they updated their software and fixed a (minor) vulnerability?

  • @ub3rstar said:
    Time to change billing systems because they updated their software and fixed a (minor) vulnerability?

    Time to change to a stable and secure billing system , mate. :)

  • Found any ?

    ZweiTiger said: Time to change to a stable and secure billing system , mate. :)

  • @ftpit said:
    Found any ?

    There is nothing what is always 100% secure you know. But Blesta billing seems pretty stable.

    Try it.. 8 USD :)

  • StevenNStevenN Member, Host Rep

    @ZweiTiger said:
    Time to change billing system.. :)

    Bet you're still using WHMCS in 6 months.

  • @VMbox said:

    Yeah i used it for 6 month then i changed to Blesta. One click migrator and work like a charm.

  • WHCMS for 3 years in a row. Member with them since 2011 :/
    3 License.

  • ZweiTigerZweiTiger Member
    edited August 2014

    @VENETX said:
    WHCMS for 3 years in a row. Member with them since 2011 :/
    3 License.

    I just used for 6 month.. and after that switched Blesta. My main reason is update every 2-3day. And the patches ruined my whmcs system. And i dont want to reinstall it every time. Also i was hacked and somebody edited paypal email and other things... So.. i dont like whmcs at all. If you forgot one update you could hack very easy by hackers.

    But thats what i think. Everybody use WHMCS. Everybody use solusVM. I use virtualizor. Who - like this. Who this.

  • I like whmcs and solusvm,
    i just set ip force rules on the admin login page such as dropping every single port but port 80 and only from my ip i pick.
    Then I just have the 2 factor security, and before you go into the admin login page I have the USername / Password to access a directory.
    I'm a bit paranoid with security so i try different ways so no one can login :/

    I used to get people trying to hack into my websites and all, only 1 time i forgot to patch my software on time that all the damage was done was changing
    every single customers firstname to "DISASTER"
    Then I implimented that what I mentioned on top and since then I haven't gotten a single alert of something trying to login into admin.

  • jarjar Patron Provider, Top Host, Veteran
    edited August 2014

    @ZweiTiger said:
    Blesta billing seems pretty stable

    Once you get over the fact that half of it's features are cosmetic and don't work, like a light switch that won't turn a light on or off :)

    Blesta:

    • Do you want HTML or plain text e-mail? We'll send plain text either way.
    • Do you want to use PHP's mail() function or SMTP? Input your SMTP details below, we'll send the mail over PHP regardless.
    • Want to send an e-mail to your clients? Easy. Write a MySQL query to output the e-mail addresses as CSV and mail them from somewhere else.

    Then my absolute favorite:

    • Want to piece your client data together from the database? No problem! Just join about 30 tables together based on a hundred random keys with the longest query you will ever run in your life, oh and make sure you have plenty of space in your /tmp partition!

    Blesta... bring alcohol, you're gonna need it.

    ZweiTiger said: i was hacked

    Now who's fault was that? :)

  • @Jar said:
    Now who's fault was that? :)

    I know its mine... :)

    But anyway. who like this. who like this. In Hungary everybody use Hostbill...

    I like whmcs , but my new favorit is blesta. Thats all , mate!

    Thanked by 1jar
  • jarjar Patron Provider, Top Host, Veteran

    ZweiTiger said: In Hungary everybody use Hostbill

    Ouch, been there ;)

  • ZweiTigerZweiTiger Member
    edited August 2014

    @VENETX said:
    I like whmcs and solusvm,
    i just set ip force rules on the admin login page such as dropping every single port but port 80 and only from my ip i pick.
    Then I just have the 2 factor security, and before you go into the admin login page I have the USername / Password to access a directory.
    I'm a bit paranoid with security so i try different ways so no one can login :/

    I used to get people trying to hack into my websites and all, only 1 time i forgot to patch my software on time that all the damage was done was changing
    every single customers firstname to "DISASTER"
    Then I implimented that what I mentioned on top and since then I haven't gotten a single alert of something trying to login into admin.

    Thats normal.. I use comcure plans.. every day a snapshot and InterWorx daily full backup. So if somehow i fucked up.. only 10 min to get everything restore almost.

    And for mysql i use strongpace SFTP.

    So i like the 100% data secure :P

  • I think its good we like to be secured all the time taking back-ups and adding extra security so we dont get screwed over for some jealous competitor coming along.

  • pphillipspphillips Member, Host Rep

    Jar said: Blesta:

    Do you want HTML or plain text e-mail? We'll send plain text either way.

    Do you want to use PHP's mail() function or SMTP? Input your SMTP details below, we'll send the mail over PHP regardless.

    Quit spreading FUD. Blesta sends SMTP mail over SMTP, and has no issue with HTML or plain text email.

    Want to piece your client data together from the database? No problem! Just join about 30 tables together based on a hundred random keys with the longest query you will ever run in your life, oh and make sure you have plenty of space in your /tmp partition!

    Blesta... bring alcohol, you're gonna need it.

    Use the API if you don't want to construct a query, or copy and tweak some queries out of our code.. it's open, and easy to read. Part of having a normalized database is putting data where it ought to go in such a way that it's not redundant, if that results in 1 table or 100 tables it is what it is. Blesta's database is fast and efficient.

    I could use a beer. Maybe there should be a new rule: Spread FUD and you buy everyone a round of drinks.

Sign In or Register to comment.