[Abbott]

http://forum.whmcs.com/showthread.ph...Security-Patch

SQL Injection vulnerabilities, I suggest everyone using WHMCS to update

Quote:

Within the past few hours, an ethical programmer disclosed to us details of an SQL Injection Vulnerability present in current WHMCS releases. The potential of this is lessened if you have followed the further security steps, but not entirely avoided. And so we are releasing an immediate patch before the details become widely known. Installing the patch is simply a case of uploading a single file to your root WHMCS directory. This one file works for all WHMCS versions V4.0 or Later. http://go.whmcs.com/26/secpatch The events of last week have obviously put a lot of focus on WHMCS in recent days from undesirable people. But please rest assured that we take security very seriously in the software we produce, and will never knowingly leave our users at risk. And on that note if any further issues come to light, we will not hesitate to release patches for them - as we hope our past history demonstrates. We thank you for choosing WHMCS. [This is being mailed out but if you can help spread the word faster to other WHMCS users you know, please do.]

[ColorHost-Kevin]

Done.

[iLinx]

lol whmcs

[kikito]

Quote:

Originally Posted by iLinx lol whmcs

"Home" scripts are better : 3

Since whmcs is having alot of problems with security.

[ColorHost-Kevin]

Quote:

Originally Posted by kikito "Home" scripts are better : 3 Since whmcs is having alot of problems with security.

WHMCS itself is really not prone to hacking at all.

The reasons behind WHMCS getting hacked were due to social engineering at there website host. (HostGator)

Here is a wikipedia document on social engineering: http://en.wikipedia.org/wiki/Social_...ring_(security)

The script itself is actually pretty stable, and you also have to remember that no script made is entirely safe to hacking attempts.

[kikito]

Quote:

Originally Posted by ColorHost-Kevin WHMCS itself is really not prone to hacking at all. The reasons behind WHMCS getting hacked were due to social engineering at there website host. (HostGator) Here is a wikipedia document on social engineering: http://en.wikipedia.org/wiki/Social_...ring_(security) The script itself is actually pretty stable, and you also have to remember that no script made is entirely safe to hacking attempts.

That's correct, of course, but if you see, they have more than 5000 clients, most of them, use whmcs to sell their products, others, use whmcs to sell products and try to hack it.

The "home" scripts(for example, the ordering system of volt host) can have security issues, of course, but they do not sell their script, so they're more secure than whmcs.

This is just my opinion.

[Abbott]

Quote:

Originally Posted by kikito That's correct, of course, but if you see, they have more than 5000 clients, most of them, use whmcs to sell their products, others, use whmcs to sell products and try to hack it. The "home" scripts(for example, the ordering system of volt host) can have security issues, of course, but they do not sell their script, so they're more secure than whmcs. This is just my opinion.

When you are a business, you need to pay TAX. WHMCS makes pretty little income graphs and the amount of money PROFIT you've made that you need to pay TAX on rather than crawling through your little home scripts and gathering how much actual profit you've made minus Paypal/payment gateway fees, while you're doing that, I'll be paying WHMCS to do this for me and then printing out the reports and sending them to my accountant, that's the idea of software. This is like saying making your own operating system is better or using a less populated one because Windows is easily susceptible to virus, nothing is 100% secure.

[int3s0]

WHMCS have developers who are always fixing latest security vulnerabilities and I'm sure some hackers report them their vulnerabilities.

While, some people don't even know what their self made billing systems are vulnerable to.