Browse Tag: security

Security Advisory – HostBill version 2013-12-14

We’ve just released security update for HostBill, as a response to potentially dangerous XSS Vulnerability.

Applying update
To apply security update please download latest and update HostBill to 2013-12-14 version.
You can also use our auto-upgrade plugin to perform this automatically.

Upgrading to new version:
Using auto upgrade plugin:

We believe that this vulnerability is not known to the public, its severity depends on adminarea protection.
KBKP Software always encourages our clients to take extra steps for protection:

Big thanks to team Rack911 ( for identifying and reporting this problem.

Security Advisory – HostBill versions 4.x

In last couple hours we’ve released patch for HostBill versions 4.x available from auto-update plugin and to download directly from:

For manual patch apply please extract archive contents in main HostBill dir.
We strongly recommend upgrading to latest HostBill version (4.6.4 – archive also contains patched files)

Patched vulnerability
We’ve been notified about brute-force attack possible to be performed by logged in customers into other client’s accounts.

Patch was introduced immediately for auto-upgrade feature

Important Security Patch Released

We’ve been notified about dangerous security threat found in one of HostBill files.
Severity depends on server configuration we cannot leave our users at risk – we take security very seriously.

Download patch from here: (for versions 4.4.0 and UP)

Please extract this patch in main HostBill directory. It is also available in auto-update plugin.

Version 4.6.0 available in downloads section has also been patched, so if you’re using older version its advised to upgrade to latest version.

HostBill 4.1.4 Release

As scheduled – week passed and new HostBill version is ready: 4.1.4 with multiple improvements and bug fixes is available for download.
Whats new:

Client signup captcha
Spambots now seem to attack even billing systems – there is no better way to prevent it than implementing captcha. By default new client signups require captcha confirmation (you can disable captcha field in Clients->Registration fields)

Client profile files
You can now upload files directly in client profile, so it can be accessible only by this client, or staff members visiting client profile.

Fixed invoice data
When using EU invoicing, you can prevent client details edits appearing on invoices by simply enabling one option in admin config. Learn more payment gateway
BitCoin digital currency gains popularity, start accepting payments in BitCoins now with BitPay payment gateway for HostBill. Learn more.

Full changelog available at

Important Security Update & HostBill 4.0 Release

Within last few hours we’ve been notified by external auditor about SQL Injection vulnerability found in current HostBill releases.

As 4.0 version is ready it also includes patch for this problem. Please update at your earliest convenience, before vulnerability details become widely known. We recommend using auto-upgrade plugin, to make sure you’re always up-to-date with recent updates/patches.

So whats new in HostBill 4.0.0 ?

Reports in HostBill
HostBill always had nice-looking and insightful graphical statistics, but we realize that sometimes numbers looks better printed, or are even required in this representation. Make sure to check flexible new reports, allowing for drag & drop output adjustments, multiple output formats (HTML,CSV,PDF,TXT & more) & easy report criteria modification in HostBill 4.0
Learn more at

New Orderpage: Smart Wizard
Created to sell more with each well-designed step this orderpage is another amazing item on our rich collection

Check this, and another available orderpages at

Full changelog available at:

  • 1
  • 2