Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

Hosting Discussion > Web Hosting Forums > Essential Software & Control Panels > WHMCS Latest Exploit -- Will You Keep Using WHMCS?
forgot password?



Reply


Old
  Post #1 (permalink)   10-19-2013, 05:53 AM
HD Newbie
 
Join Date: Sep 2013
Posts: 34

Status: HN-Alejo is offline
So this marks the second time that WHMS has gone to a conference and a 0 day exploit has been released for their software. It's clear that WHMCS has yet to take security seriously (e.g. having Rack911 check their code for exploits).

Putting my trust in this company is getting harder and harder. Does anyone still like WHMCS? Will you keep using it?

I just feel like these exploits are getting out of hand. I've lost count of how many times I have had to nervously apply a patch (which inevitably breaks more) as a result of Matt's crappy software.
__________________
Alejo B. - alejo@hostnucleus.com - ¡Hablo español!
HostNucleus - We have hosting down to a science.
http://www.hostnucleus.com/ - Shared & Reseller Specialists
PM Me For Hosting Discounts
 
 
 


Old
  Post #2 (permalink)   10-20-2013, 07:50 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
yes its getting worse

http://blog.whmcs.com/?t=79427 - Posted by WHMCS Chris on Thursday, October 3rd, 2013

http://blog.whmcs.com/?t=79527 - Posted by Matt on Sunday, October 6th, 2013

http://blog.whmcs.com/?t=80206 - Posted by Matt on Friday, October 18th, 2013

http://blog.whmcs.com/?t=80223 - Posted by Matt on Friday, October 18th, 2013

and i wonder what happened to new releases every 6 weeks as promised.

It seems that Matt spends more time playing with his new cPanel pals at these overseas conventions
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers

Last edited by easyhostmedia : 10-20-2013 at 07:54 AM.
 
 
 


Old
  Post #3 (permalink)   10-21-2013, 02:09 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
heres yet another security patch

http://blog.whmcs.com/?t=80298 - Posted by WHMCS Chris on Monday, October 21st, 2013


so thats 5 in a month so far
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #4 (permalink)   10-21-2013, 03:18 AM
HD Newbie
 
Join Date: Sep 2013
Posts: 34

Status: HN-Alejo is offline
It seems like every few days there is a new "emergency patch" and I must drop whatever I am doing to attend to WHMCS.

Honestly, it's like dealing with developers who are distracted by attending these conferences and not interested in improving their product.
__________________
Alejo B. - alejo@hostnucleus.com - ¡Hablo español!
HostNucleus - We have hosting down to a science.
http://www.hostnucleus.com/ - Shared & Reseller Specialists
PM Me For Hosting Discounts
 
 
 


Old
  Post #5 (permalink)   10-21-2013, 06:20 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
We have too much time and money tied up in WHMCS and various modules. Have been considering signing up as an official reseller, but dont what to place any of our clients through the hassle of all these patches, while WHMCS staff play away with cPanel
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #6 (permalink)   10-21-2013, 06:40 AM
HD Addict
 
Join Date: Feb 2005
Posts: 161

Status: wise is offline
I'm just glad that we stopped offering clients free whmcs licenses with their reseller accounts!
__________________
..................................................
UK vps and cloud servers | uk hosting, resellers, domains and more
 
 
 


Old
  Post #7 (permalink)   10-21-2013, 09:09 AM
HD Amateur
 
Join Date: May 2012
Posts: 78
Send a message via Skype™ to private_html

Status: private_html is offline
The problem is, we need something that is as good as whmcs, and doesnt mess around with there pricing, i mean hostbill was good, and they mess with the pricing all the time, nobody seems to want to touch it...
 
 
 


Old
  Post #8 (permalink)   10-21-2013, 09:29 AM
HD Newbie
 
Join Date: Jul 2013
Posts: 19

Status: HeartHost_CO is offline
Quote:
Originally Posted by easyhostmedia View Post
We have too much time and money tied up in WHMCS and various modules. Have been considering signing up as an official reseller, but dont what to place any of our clients through the hassle of all these patches, while WHMCS staff play away with cPanel
If I remember correctly, they did away with their reseller program, most likely because they weren't making enough money and would rather just sell everything themselves... which is alright... their business, their choices.

Quote:
Originally Posted by wise View Post
I'm just glad that we stopped offering clients free whmcs licenses with their reseller accounts!
I would've loved to do this, but for us to basically support WHMCS because we'd be reselling it, wasn't worth it to us. There are too many customers that we've had in the past that want support for things like WHMCS and others, that we don't cover. We do our best, but since it is not our software, we don't provide full support.

Quote:
Originally Posted by private_html View Post
The problem is, we need something that is as good as whmcs, and doesnt mess around with there pricing, i mean hostbill was good, and they mess with the pricing all the time, nobody seems to want to touch it...
Unfortunately, there seems to always be price changes for software, partly because the companies producing it are greedy and want more money stuffed in their pockets.
Again, that's their decision, but they drive potential customers and existing customers away... I know I wouldn't want to continuously have to change the amount I was paying every now and then for a software like that... I'd prefer to sign-up for flat rates that don't change.
 
 
 


Old
  Post #9 (permalink)   10-21-2013, 09:50 AM
HD Wizard
 
easyhostmedia's Avatar
 
Join Date: Mar 2011
Location: Northumberland, UK
Posts: 4,950
Send a message via MSN to easyhostmedia

Status: easyhostmedia is offline
Quote:
Originally Posted by HeartHost_CO View Post
If I remember correctly, they did away with their reseller program,
WRONG they got rid of their distribution network. their reseller program is untouched http://www.whmcs.com/resellers/
__________________
Terry Robertson - CEO The Easyhost Media Group
Niceday Hosting - Affordable Hosting
PowerSSL - - We Secure your World
The Scamlist Forum - Fighting against scammers
 
 
 


Old
  Post #10 (permalink)   10-22-2013, 05:19 AM
HD Amateur
 
Join Date: Sep 2013
Location: leeds
Posts: 66

Status: nigelb is offline
The issue is its generally a good piece of software and works well but they occasionally have issue. Do you jump ship and get what? For the time being we are are with it.
 
 
 


Old
  Post #11 (permalink)   10-22-2013, 12:27 PM
HD Addict
 
Join Date: Jul 2010
Location: Grand Rapids, Mi
Posts: 107

Status: Stream101 is offline
Luckily this company is providing fast patches to their customers. I've used software where tons of users report a bug and nothing gets done about it. It's kind of nice to be this big as there are people actively trying to hack the program, which allows them to patch it. it may be harder for a developer of a lesser known product to find an exploit like this.
__________________
Stream101 | Affordable Media Solutions
Shared/Reseller cPanel® Web Hosting | SHOUTcast Hosting | ICEcast Hosting
TOLL-FREE: (877) 240-7767 | 30 Day Money-Back Guarantee | DDoS Protection - STANDARD
100% Cogent Free Network | CloudLinux OS | Tier 1 Bandwidth | USA Based
 
 
 


Old
  Post #12 (permalink)   10-23-2013, 05:08 AM
HD Newbie
 
Join Date: Oct 2012
Posts: 26

Status: JordanF is offline
As @Stream101 said, it's lucky they are patching so fast otherwise much more could get out of hand. The software itself is a very good 'bang for buck' but they have not done all the security components to their best as of yet.

My personal control panel and management preference would be Ubersmith, I have worked with them for a while and they are truly outstanding (especially when you have it connected to OnApp, it runs as smooth as a cloud! - No pun intended!). Overall it's up to you whether you switch of give them another chance.

All the best,
Jordan F.
__________________
root@JordanF:~#
 
 
 


Old
  Post #13 (permalink)   10-28-2013, 06:58 AM
HD Addict
 
Join Date: Jan 2012
Location: Indianapolis Indiana
Posts: 145

Status: agentblack is offline
We actually got hit by one of the exploits. Thankfully all of our security layers prevented them from getting very far, however I do call into question on why they waited so long to inform clients there was a publically disclosed exploit. They should have sent out a notice saying an exploit was posted publically so we could be on the alert for suspicious activity, as well as they develop a patch as quickly as possible.

We got the notice of a security issue at 330am EST GMT-5 and it went to my personal email address rather than the support. As I was out of town due to it being a weekend, I didn't get the notice in a timely fashion. Very disappointed in their notifications of issues, it was something I had hoped cPanel would have corrected with them.

Seeing how there are no other comparable billing systems out there, we are stuck. Ubersmith from my understand no longer has a "lite" version of their software, nor do they do owned licenses. Plesk used to have a billing system however it seems its gone or has been transformed into something else. Whats left, Hostbill and ClientExec? We moved from ClientExec because we outgrew it, and the devs were slow in adding requested features.

We've reviewed Hostbill and it would not fit our needs due to its pricing structure as well as limitations. Don't get me wrong, I understand alot of work goes into making a billing system, but any time you design software that can potentially handle sensitive personal and financial information, security and encryption need to be at the forefront of your development process.
__________________
Agent Black Web Hosting - Stop being an account number, come to the host who treats you like the individual you are. Offering Shared, Cloud Servers, Dedicated Servers, and Domain Name Registrations.
 
 
 


Old
  Post #14 (permalink)   10-28-2013, 07:02 AM
HD Addict
 
Join Date: Feb 2005
Posts: 161

Status: wise is offline
@agentblack take a look at CE 5.0 there are some very nice features coming out especially if chat is important.

We still run with HB, luckily we got in before the pricing went crazy, and so far it is doing a good job for us (although we do have a few niggles) ..
__________________
..................................................
UK vps and cloud servers | uk hosting, resellers, domains and more
 
 
 


Old
  Post #15 (permalink)   10-28-2013, 07:12 AM
HD Addict
 
Join Date: Jan 2012
Location: Indianapolis Indiana
Posts: 145

Status: agentblack is offline
Quote:
Originally Posted by wise View Post
@agentblack take a look at CE 5.0 there are some very nice features coming out especially if chat is important.

We still run with HB, luckily we got in before the pricing went crazy, and so far it is doing a good job for us (although we do have a few niggles) ..
We still own our owned license of ClientExec but it's lacking in alot of ways. One of our biggest complaints is that it doesn't interface to our domain name registrar. We had been asking for that for several years and kept getting told it's coming, with it still not being added through several updates.
__________________
Agent Black Web Hosting - Stop being an account number, come to the host who treats you like the individual you are. Offering Shared, Cloud Servers, Dedicated Servers, and Domain Name Registrations.
 
 
 
Reply
Previous Thread Next Thread


Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: