Does WHMCS need a security audit, like SolusVM?
SolusVM used an external security audit service, http://blog.soluslabs.com/2013/08/19/solusvm-external-security-audit-update/ , I think WHMCS should do so.
http://localhost.re/p/whmcs
Comments
Do I wish I was as rich as Kim Dotcom? Hell. Yes.
of course they need
Also opening the source of parts of WHMCS could also help with the security. It would result in multiple free audits.
Unless they want to lose customers, yes they should.
I have seen a lot of people recently who said they want to change to Blesta or HostBill.
Yes, but HostBill has not been "audited" yet by the localhost.re person, they might be in the situation to start over after the WHMCS was done with the localhost.re audit.
Blesta might remain small enough to not matter though so they might get lucky with it.
Nah, why would it matter that it had tons of PHP security 101 vulns?
It's just a billing system anyway
/sarcasm
Yes, WHMCS needs a security audit.
Yes...
Feathur (a yet unlaunched piece of software) has had an external audit already. External audits show you're serious about security.
I feel an external audit is their best option. As a developer, if you have been working a certain way for years as they have on a single product, it is difficult to update the legacy parts of that product because things may have spiralled out of control. Sometimes the only thing to do is stop altogether and take a step back from new development and adapt the software you already have. Alternatively you can scrap what you have and start again, sometimes the latter is easier. I understand what they are going through, but they cannot ignore this problem any longer.
Yes, they can. The few who will switch will come back after localhost.re becomes too repetitive and gets bored.
The solution is a nice and healthy competition.
Unfortunately I am afraid the market cannot support too many products.
The market is wide enough to admit one great open source billing system... and it's high time the lacuna is filled.
Eh, you're running Feathur for BlueVM, I wouldn't call that unlaunched?
I'm working on one that'll be free software at the moment, not sure how it'll turn out though.
Yes, but still, its source code is unreleased, it's an alpha-level (in terms of feature completeness, not quality) product.
The market can support a few billing panels.
Yes, we have WHMCS, HostBill, Blesta, ClientExec, BoxBilling, DHCart, many others smaller/specialized but they are all struggling from what I know.
Support, as in not letting them die of hunger, is one thing; producing profits is another.
If the billing panel is starved, it will have bugs, lack maintenance, not have many modules, and will likely be specialized in what the author(s) know best/grew from, etc.
That's because none of them have the right features compared to WHMCS.
They should have done that a long time ago
This is very sad that they did not care until now
What's really sad is how easy it is to get an unencoded version. It takes just 1 Google search.
Actually, that is the good part.
Normally for compiled code it is much harder for people who are looking for vulnerabilities; if all code could have been easily decoded, we would have fewer backdoors today.