Browse Category: Announcements

Security Advisory – HostBill version 2013-12-14

We’ve just released a security update for HostBill in response to a potentially dangerous XSS vulnerability.

Applying update
To apply the security update, please download the latest release and update HostBill to version 2013-12-14.
You can also use our auto-upgrade plugin to perform this automatically.

Upgrading to new version: http://wiki.hostbillapp.com/index.php?title=Upgrading_to_new_version
Using auto upgrade plugin: http://wiki.hostbillapp.com/index.php?title=Auto-Upgrade_plugin

We believe that this vulnerability is not known to the public; its severity depends on adminarea protection.
KBKP Software always encourages our clients to take extra steps for protection:
http://wiki.hostbillapp.com/index.php?title=Additional_security_steps

Big thanks to team Rack911 (https://www.rack911.com/) for identifying and reporting this problem.

Security Advisory – HostBill versions 4.x

In the last couple of hours we’ve released a patch for HostBill versions 4.x, available from the auto-update plugin and for direct download from:

https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.4_4347.zip

To apply the patch manually, please extract the archive contents into the main HostBill directory.
We strongly recommend upgrading to the latest HostBill version (4.6.4 – the archive also contains patched files).

Patched vulnerability
We’ve been notified about a brute-force attack that logged-in customers could perform against other clients’ accounts.

The patch was made available immediately through the auto-upgrade feature.

Important Security Patch Released

We’ve been notified about a dangerous security threat found in one of the HostBill files.
Its severity depends on server configuration, but we cannot leave our users at risk – we take security very seriously.

Download the patch from here: https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.0_4324.zip (for versions 4.4.0 and up)

Please extract this patch into the main HostBill directory. It is also available in the auto-update plugin.

Version 4.6.0, available in the downloads section, has also been patched, so if you’re using an older version it is advised to upgrade to the latest version.

Information about price/modules changes in 4.6.0 release for current customers

Dear customers

We’re quite aware that our recent changes in billing model/platform may have caused unintended confusion – we’re here to straighten it up.

Pricing/renewal fees:
All changes in pricing/renewal fees are for new customers only. HostBill respects “grandfather rights”.
If by accident you did not receive what you’ve paid for (the renewal fee shows as different, your access to downloads shows as expired), please contact the Licensing Department.

Paid Live Chat/Vies Plugin
You’re still free to use the mentioned modules – they have become paid for new customers only.
Bug fixes will be provided in the future for both free and paid versions. New features will be introduced for paid versions.

Premium orderpages / clientarea themes
Updating to a newer version does not remove the orderpages that came with your HostBill when you bought it, or with updates up to the most recent version.
This means that you still are good to use orderpages you’ve bought with your HostBill.
Prices for orderpages listed as premium/paid are for new customers only.

Developer toolkit access
Access to the dev toolkit is available for old customers only (anyone who signed up before 2013-05-24).

By new customers we mean clients who signed up after the 4.6.0 release (2013-05-24).

Update: 2013-05-28

Frequently Asked Questions:
Q: I purchased a license a year ago. Do I still have access to all orderpages and client themes that came with my HostBill 4.5.8?
A: Yes. All orderpages released prior to 4.6.0 are included in the download package for customers who purchased HostBill before the mentioned release.

Q: Will I get new HostBill features/improvements/bug fixes?
A: Yes. All free core features, improvements and bug fixes are released weekly, as before.

Q: Do I have access to my HostBill’s API?
A: Yes. Access to API and hooks, template and orderpage modifications is not limited!

Q: I signed up before 4.6.0 release, if I download new version are orderpages that I previously used going to be there?
A: Yes. You have access to what you’ve signed up for.

Q: Can I develop my own extensions or use third party modules?
A: If you signed up before 2013-05-26 (TOS/License update), then YES.

HostBill 3.9 Preview: New Clientarea variation: “NextGen Clean”

Our NextGen theme, released a few months ago, changed the industry’s outlook on the client section of service provider websites. It’s time to make it even better!
With HostBill 3.9 we’re introducing a new variation of this popular theme, called “NextGen Clean”. We’ve made it easier on the eye, with pixel-perfect attention to detail. Take a look at some screenshots or watch a short style walk-through.





HostBill 3.1.4 release – changes/improvements

It’s been a week – so it’s time for another upgrade from the HostBill team!
Let’s take a glimpse at the all-new HostBill 3.1.4, released today:

Further OnApp improvements

Our already great integration with OnApp Cloud just got better! Your clients will now have access to new backup-related features, including:

Backup->Template conversion
If you offer cloud/VPS backup space to your clients, you can now give them the ability to convert their backups into re-usable OS Templates from the HostBill interface with just a few mouse clicks – simple as that!

Backup Schedule
If you enable Schedules in the related OnApp user roles, your clients will see a new option in their clientarea interface – Schedule Backup. With this option your customers will be able to manage their automated backup schedules and create daily/weekly/monthly/yearly backups.

New ticket department permissions

Now you can use additional settings in your Ticket departments including:
– Allow staff members to reply using email
– Prevent customers from closing tickets opened by a staff member
– Prevent customers from re-opening tickets closed by a staff member

Of course there is a lot more in the new version. For the full list of changes/fixes go to hostbillapp.com/changelog/

I’d like to take the opportunity to wish our valued customers and friends Happy Holidays and a Happy New Year from the HostBill team. It’s been an amazing year for us, full of great integrations, major HostBill improvements and a number of great new customers to work with.
See you in 2012!

Overview of new HostBill features

A lot has changed since the last post on this blog – our development has yet again gained momentum and we’ve introduced a number of cool new features in HostBill. Let’s take a quick tour of what’s new in HostBill:

Invoice templates

Everything is marketing – even invoices sent to customers. Make sure your invoices stand out! With the new HostBill feature – invoice templates – customizing the HTML & PDF invoices sent from HostBill is really simple! Just use the built-in editor to create your own professional-looking invoice and impress your customers! No programming skills or file edits required! Learn more here

Translation tags

HostBill is now the first and only 100% multilingual billing system! Each aspect can be translated into your customer’s native language – product names, email templates, registration fields, form elements, news, knowledgebase & much more! With easy-to-use translation tags you can generate a tag that will be replaced with the value in the visitor’s language – simple as that! Learn more here

PowerDNS integration

PowerDNS is the best open-source solution for Managed DNS hosting available. Now with our feature-rich integration you can give your clients the ability to manage their DNS records in a fast and user-friendly way through the billing system interface. Learn more about this integration at the PowerDNS Feature page

OnApp module re-built

Our integration with OnApp is already known as the best one available, and we’ve decided to make it even better by introducing a fresh clientarea template and a set of brand new features. Make sure to check our OnApp feature page to learn more about recent improvements.

HostBill Security Patch for 2.X: Critical Security Issue

Dear Client!
HostBill 2.x security patch.
Last night one of our clients notified us about a potential security threat affecting HostBill versions 2.x, which may allow access to the admin area with a previously stolen session cookie.

Please download this patch as soon as possible: https://hostbillapp.com/clientarea/index.php?cmd=module&module=downloads&file=11
To apply the patch, please extract the archive contents into your HostBill directory, or upload its contents directly to your install (there is only one file that requires overwriting).

We’re not aware of any compromised installation other than the one reported last night.
If you have questions or any concerns please feel free to contact us. We do apologize for any inconvenience.

Note: the 2.8 download package contains this patch by default from now on; version 2.9, which is scheduled for release next week, will also contain it.

HostBill – Multiple possibilities for developers

Want to build a module for HostBill? Not a problem!

We’ve been working recently on DevKits, documentation and examples so you can integrate virtually anything with HostBill now!

What’s possible?
– Hosting/App/Provisioning modules
– Connecting forms with provisioning modules
– Payment Gateways
– Plugins
– Using API
– Domain Registrars
– Custom Product Types (work in progress)

Stay tuned for the next updates – I’m off trying to hook up a coffee machine API with HostBill 😉

Kris