Does WHMCS need a security audit, like SolusVM?

sunboy Member
edited October 2013 in General

SolusVM used an external security audit service, http://blog.soluslabs.com/2013/08/19/solusvm-external-security-audit-update/ , I think WHMCS should do so.
http://localhost.re/p/whmcs

Comments

  • Do I wish I was as rich as Kim Dotcom? Hell. Yes.

    Thanked by 1sunboy
  • of course they need :)

  • Also opening the source of parts of WHMCS could also help with the security. It would result in multiple free audits.

    Thanked by 3sunboy tux perennate
  • Unless they want to lose customers, yes they should.

    I have seen a lot of people recently that said they want to change to Blesta or HostBill.

  • Maounique Host Rep, Veteran

    Yes, but HostBill has not been "audited" yet by the localhost.re person, they might be in the situation to start over after the WHMCS was done with the localhost.re audit.
    Blesta might remain small enough to not matter though so they might get lucky with it.

  • c0y Member

    @sunboy said:
    Does WHMCS need a security audit, like SolusVM?

    Nah, why would it matter that it had tons of PHP security 101 vulns?

    It's just a billing system anyway

    /sarcasm

  • Radi Host Rep, Veteran

    Yes, WHMCS needs a security audit.

  • Yes...

    Feathur (a yet unlaunched piece of software) has had an external audit already. External audits show you're serious about security.

  • I feel an external audit is their best option. As a developer, if you have been working a certain way for years as they have on a single product, it is difficult to update the legacy parts of that product because things may have spiralled out of control. Sometimes the only thing to do is stop altogether and take a step back from new development and adapt the software you already have. Alternatively you can scrap what you have and start again, sometimes the latter is easier. I understand what they are going through, but they cannot ignore this problem any longer.

    Thanked by 1perennate
  • Maounique Host Rep, Veteran

    @mikeg said:
    I understand what they are going through, but they cannot ignore this problem any longer.

    Yes, they can. The few who will switch will come back after localhost.re becomes too repetitive and gets bored.
    The solution is a nice and healthy competition.
    Unfortunately I am afraid the market cannot support too many products.

  • @Maounique said:
    Unfortunately I am afraid the market cannot support too many products.

    The market is wide enough to admit one great open source billing system..and it's high time the lacuna is filled.

  • perennate Member, Host Rep
    edited October 2013

    @BlueVM said:
    Feathur (a yet unlaunched piece of software) has had an external audit already. External audits show you're serious about security.

    Eh, you're running Feathur for BlueVM, I wouldn't call that unlaunched?

    @joelgm said:
    The market is wide enough to admit one great open source billing system..and it's high time the lacuna is filled.

    I'm working on one that'll be free software at the moment, not sure how it'll turn out though.

  • @perennate said:
    Eh, you're running Feathur for BlueVM, I wouldn't call that unlaunched?

    Yes, but still, its source code is unreleased, it's an alpha-level (in terms of feature completeness, not quality) product.

  • jbiloh Administrator, Veteran

    @joelgm said:
    The market is wide enough to admit one great open source billing system..and it's high time the lacuna is filled.

    The market can support a few billing panels.

  • Maounique Host Rep, Veteran

    Yes, we have WHMCS, HostBill, Blesta, ClientExec, BoxBilling, DHCart, many others smaller/specialized but they are all struggling from what I know.
    Support like in not let them die of hunger is one, producing profits, is another.
    If the billing panel is starved, will have bugs, lack of maintenance not many modules will likely be specialized on what the author(s) know best/grew from etc.

  • @Maounique said:
    Yes, we have WHMCS, HostBill, Blesta, ClientExec, BoxBilling, DHCart, many others smaller/specialized but they are all struggling from what I know.
    Support like in not let them die of hunger is one, producing profits, is another.
    If the billing panel is starved, will have bugs, lack of maintenance not many modules will likely be specialized on what the author(s) know best/grew from etc.

    That's because none of them have the right features compared to WHMCS.

  • They should have done that a long time ago

  • This is very sad that they did not care until now

  • What's really sad is how easy it is to get an unencoded version. It takes just 1 google search.

  • Maounique Host Rep, Veteran

    @mcmyhost said:
    What's really sad is how easy it is to get an unencoded version. It takes just 1 google search.

    Actually, that is the good part.
    Normally for compiled code it is much harder for people who are looking for vulnerabilities, if all code could have been easily decoded we would have fewer backdoors today.

    Thanked by 1rds100