This week new in HostBill: U2F/Yubikey authentication module, bulk domain transfer feature, update to PDU SNMP module and more!
We’ve just released a security update for HostBill in response to a potentially dangerous XSS vulnerability.
To apply the security update, please download the latest release and update HostBill to the 2013-12-14 version.
You can also use our auto-upgrade plugin to perform this automatically.
Upgrading to new version: http://wiki.hostbillapp.com/index.php?title=Upgrading_to_new_version
Using auto upgrade plugin: http://wiki.hostbillapp.com/index.php?title=Auto-Upgrade_plugin
We believe that this vulnerability is not known to the public; its severity depends on adminarea protection.
KBKP Software always encourages our clients to take extra steps for protection:
Big thanks to team Rack911 (https://www.rack911.com/) for identifying and reporting this problem.
In the last couple of hours we’ve released a patch for HostBill versions 4.x, available from the auto-update plugin and to download directly from:
To apply the patch manually, please extract the archive contents into the main HostBill directory.
We strongly recommend upgrading to the latest HostBill version (4.6.4 – the archive also contains patched files).
We’ve been notified about a brute-force attack that logged-in customers could perform against other clients’ accounts.
A patch was introduced immediately for the auto-upgrade feature.
We’ve been notified about a dangerous security threat found in one of the HostBill files.
Severity depends on server configuration, but we cannot leave our users at risk – we take security very seriously.
Download patch from here: https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.0_4324.zip (for versions 4.4.0 and up)
Please extract this patch in the main HostBill directory. It is also available in the auto-update plugin.
Version 4.6.0 available in the downloads section has also been patched, so if you’re using an older version, it’s advised to upgrade to the latest version.
As scheduled – a week has passed and a new HostBill version is ready: 4.1.4, with multiple improvements and bug fixes, is available for download.
Client signup captcha
Spambots now seem to attack even billing systems – there is no better way to prevent it than implementing captcha. By default, new client signups require captcha confirmation (you can disable the captcha field in Clients->Registration fields).
Client profile files
You can now upload files directly in the client profile, so they are accessible only to this client or to staff members visiting the client profile.
Fixed invoice data
When using EU invoicing, you can prevent edits to client details from appearing on invoices by simply enabling one option in the admin config.
BitPay.com payment gateway
The Bitcoin digital currency is gaining popularity; start accepting payments in Bitcoins now with the BitPay payment gateway for HostBill.
Full changelog available at http://hostbillapp.com/changelog
Within the last few hours we’ve been notified by an external auditor about an SQL injection vulnerability found in current HostBill releases.
As version 4.0 is ready, it also includes a patch for this problem. Please update at your earliest convenience, before vulnerability details become widely known. We recommend using the auto-upgrade plugin to make sure you’re always up to date with recent updates/patches.
So what’s new in HostBill 4.0.0?
Reports in HostBill
HostBill has always had nice-looking and insightful graphical statistics, but we realize that sometimes numbers look better printed, or are even required in this representation. Make sure to check out the flexible new reports in HostBill 4.0, allowing for drag & drop output adjustments, multiple output formats (HTML, CSV, PDF, TXT & more) and easy modification of report criteria.
Learn more at http://blog.hostbillapp.com/
New Orderpage: Smart Wizard
Created to sell more with each well-designed step, this orderpage is another amazing item in our rich collection.
Check this and other available orderpages at http://hostbillapp.com/features/order-pages.php
Full changelog available at: http://hostbillapp.com/changelog/