Billing & Automation

Security Advisory – HostBill version 2013-12-14

We’ve just released a security update for HostBill in response to a potentially dangerous XSS vulnerability.

Applying update
To apply the security update, please download the latest version and update HostBill to version 2013-12-14.
You can also use our auto-upgrade plugin to perform this automatically.

Upgrading to new version: http://wiki.hostbillapp.com/index.php?title=Upgrading_to_new_version
Using auto upgrade plugin: http://wiki.hostbillapp.com/index.php?title=Auto-Upgrade_plugin

We believe that this vulnerability is not known to the public; its severity depends on adminarea protection.
KBKP Software always encourages our clients to take extra steps for protection:
http://wiki.hostbillapp.com/index.php?title=Additional_security_steps

Big thanks to team Rack911 (https://www.rack911.com/) for identifying and reporting this problem.

Security Advisory – HostBill versions 4.x

In the last couple of hours we’ve released a patch for HostBill versions 4.x, available from the auto-update plugin and for direct download from:

https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.4_4347.zip

To apply the patch manually, please extract the archive contents into the main HostBill directory.
We strongly recommend upgrading to the latest HostBill version (4.6.4 – the archive also contains patched files).

Patched vulnerability
We’ve been notified about a brute-force attack that logged-in customers could perform against other clients’ accounts.

The patch was introduced immediately for the auto-upgrade feature.

Important Security Patch Released

We’ve been notified about a dangerous security threat found in one of HostBill’s files.
Severity depends on server configuration. We cannot leave our users at risk – we take security very seriously.

Download the patch from here: https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.0_4324.zip (for versions 4.4.0 and up)

Please extract this patch into the main HostBill directory. It is also available in the auto-update plugin.

Version 4.6.0, available in the downloads section, has also been patched, so if you’re using an older version, it’s advised to upgrade to the latest version.

Information about price/modules changes in 4.6.0 release for current customers

Dear customers

We’re quite aware that our recent changes in billing model/platform may have caused unintended confusion – we’re here to straighten it out.

Pricing/renewal fees:
All changes in pricing/renewal fees are for new customers only. HostBill respects “grandfather rights”.
If by accident you did not receive what you’ve paid for (renewal fee shows as different, your access to download shows as expired), please contact the Licensing Department.

Paid Live Chat/Vies Plugin
You’re still free to use the mentioned modules – they become paid for new customers only.
Bug fixes will be provided in the future for both free and paid versions. New features will be introduced for paid versions.

Premium orderpages / clientarea themes
Updating to a newer version does not remove orderpages that came with your HostBill when you bought it or with updates up to the recent version.
This means that you are still free to use the orderpages you’ve bought with your HostBill.
Prices for orderpages listed as premium/paid are for new customers only.

Developer toolkit access
Access to the dev toolkit is available for old customers only (anyone who signed up before 2013-05-24).

By new customers we mean clients who signed up after the 4.6.0 release (2013-05-24).

Update: 2013-05-28

Frequently Asked Questions:
Q: I purchased a license a year ago; do I still have access to all orderpages and client themes that came with my HostBill 4.5.8?
A: Yes. All orderpages released prior to 4.6.0 are included in the download package for customers who purchased HostBill before the mentioned release.

Q: Will I get new HostBill features/improvements/bug fixes?
A: Yes. All free core features, improvements and bug fixes are released weekly, as before.

Q: Do I have access to my HostBill’s API?
A: Yes. Access to API and hooks, template and orderpage modifications is not limited!

Q: I signed up before the 4.6.0 release; if I download the new version, are the orderpages that I previously used going to be there?
A: Yes. You have access to what you’ve signed up for.

Q: Can I develop my own extensions or use third party modules?
A: If you’ve signed up before 2013-05-26 (TOS/License update) then YES.

HostBill 4.5.0 Release

A new version of HostBill is available. Alongside exciting developer updates, we’ve introduced two modules you might find useful:

Extended Fraud Protection
A fraud protection module powered by the web-hosters community. In addition to standard HostBill fraud prevention, you will also gain access to HostBill’s IP database of webhosting fraudsters, to lower the risk of fraud and chargebacks.

Learn more at http://hostbillapp.com/features/apps/fraudextended/index.html

SMS Verification Plugin
Verify your clients’ identities and phone numbers with this simple yet powerful plugin – use the built-in SMS notification plugins (or easily build your own) to send a clientarea PIN protection code after signup.

Learn more at http://hostbillapp.com/features/apps/smsverification/index.html

For full changelog visit http://hostbillapp.com/changelog

HostBill 4.4.4 Release

Friday? Time for more exciting HostBill developments.

New orderpage:
Our new clientarea theme stands out with its modern design approach – we went the extra mile and created a new orderpage to match its unique style. Introducing the Volume Slider orderpage – make sure to see its video preview!

More about HostBill orderpages: http://hostbillapp.com/features/order-pages.php

Major IPAM improvements:
Popular IP management plugin for HostBill, IPAM, just got better – check out its new features at http://ipam.hostbillapp.com/

For full changelog visit: http://hostbillapp.com/changelog

HostBill 4.4.2 Release

Friday – time for another HostBill release. With 4.4.2 we’re introducing a couple of new modules you should definitely check out:

Plugin: Ticket Related Service
When opening a support ticket, your customer will now be able to define which of their services the support message is related to. The admin section of the Ticket Related Service plugin will display it at the top of the page for staff convenience. Learn more at http://hostbillapp.com/features/apps/ticket_related_client_service.html

Full changelog available at http://hostbillapp.com/changelog