Browse Category: Announcements

Security Advisory – HostBill version 2013-12-14

We’ve just released a security update for HostBill in response to a potentially dangerous XSS vulnerability.

Applying update
To apply the security update, please download and update HostBill to the latest 2013-12-14 version.
You can also use our auto-upgrade plugin to do this automatically.

Upgrading to new version: https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/491585/Upgrading+to+new+version
Using auto upgrade plugin: https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/491588/Auto-Upgrade+plugin

We believe that this vulnerability is not known to the public. Its severity depends on admin area protection.
KBKP Software always encourages our clients to take extra steps for protection:
https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/1212438/Security

Big thanks to team Rack911 (https://www.rack911.com/) for identifying and reporting this problem.

Security Advisory – HostBill versions 4.x

In the last couple of hours we’ve released a patch for HostBill versions 4.x, available from the auto-update plugin and for direct download from:

https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.4_4347.zip

To apply the patch manually, please extract the archive contents in the main HostBill directory.
We strongly recommend upgrading to the latest HostBill version (4.6.4 – the archive also contains patched files).

Patched vulnerability
We’ve been notified about a brute-force attack that logged-in customers could perform against other clients’ accounts.

The patch was introduced immediately for the auto-upgrade feature.

Important Security Patch Released

We’ve been notified about a dangerous security threat found in one of the HostBill files.
Severity depends on server configuration. We cannot leave our users at risk – we take security very seriously.

Download the patch from here: https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.0_4324.zip (for versions 4.4.0 and up)

Please extract this patch in the main HostBill directory. It is also available in the auto-update plugin.

Version 4.6.0, available in the downloads section, has also been patched, so if you’re using an older version we advise upgrading to the latest version.

Information about price/modules changes in 4.6.0 release for current customers

Dear customers,

We’re quite aware that our recent changes in billing model/platform may have caused unintended confusion – we’re here to straighten it up.

Pricing/renewal fees:
All changes in pricing/renewal fees are for new customers only. HostBill respects “grandfather rights”.
If by accident you did not receive what you’ve paid for (renewal fee shows as different, your access to download shows as expired), please contact Licensing Department.

Paid Live Chat/Vies Plugin
You’re still free to use the mentioned modules – they become paid for new customers only.
Bug fixes will be provided in the future for both free and paid versions. New features will be introduced for paid versions.

Premium orderpages / client area themes
Updating to a newer version does not remove the orderpages that came with your HostBill when you bought it, or with updates up to the recent version.
This means you can still use the orderpages you’ve bought with your HostBill.
Prices for orderpages listed as premium/paid are for new customers only.

Developer toolkit access
Access to the dev toolkit is available for old customers only (anyone who signed up before 2013-05-24).

By new customers we mean clients who signed up after the 4.6.0 release (2013-05-24).

Update: 2013-05-28

Frequently Asked Questions:
Q: I purchased a license a year ago. Do I still have access to all orderpages and client themes that came with my HostBill 4.5.8?
A: Yes. All orderpages released prior to 4.6.0 are included in the download package for customers who purchased HostBill before the mentioned release.

Q: Will I get new HostBill features/improvements/bug fixes?
A: Yes. All free core features, improvements and bug fixes are released weekly, as before.

Q: Do I have access to my HostBill’s API?
A: Yes. Access to API and hooks, template and orderpage modifications is not limited!

Q: I signed up before the 4.6.0 release. If I download the new version, are the orderpages that I previously used going to be there?
A: Yes. You have access to what you’ve signed up for.

Q: Can I develop my own extensions or use third party modules?
A: If you’ve signed up before 2013-05-26 (TOS/License update), then YES.

HostBill 3.9 Preview: New Client area variation: “NextGen Clean”

Our NextGen theme, released a few months ago, changed the industry’s outlook on the client section of service provider websites. It’s time to make it even better!
With HostBill 3.9 we’re introducing a new variation of this popular theme, called “NextGen Clean” – we’ve made it easier on the eye, with pixel-perfect attention to detail. Take a look at some screenshots or watch a short style walk-through.

HostBill 3.1.4 release – changes/improvements

It’s been a week – so it’s time for another update from the HostBill team!
Let’s take a glimpse of the all-new HostBill 3.1.4, released today:

Further OnApp improvements

Our already great integration with OnApp Cloud just got better! Your clients will now have access to the new backup-related features, including:

Backup->Template conversion
If you offer cloud/VPS backup space, you can now give your clients the ability to convert their backups into re-usable OS Templates from the HostBill interface with just a few mouse clicks – simple as that!

Backup Schedule
If you enable Schedules in the related OnApp user roles, your clients will see a new option in their client area interface – Schedule Backup. With this option your customers will be able to manage their automated backup schedules, allowing them to create daily/weekly/monthly/yearly backups.

New ticket department permissions

Now you can use additional settings in your Ticket departments, including:
– Allow staff members to reply using email
– Prevent customers from closing a ticket opened by a staff member
– Prevent customers from re-opening a ticket closed by a staff member

Of course there is a lot more in the new version. For the full list of changes/fixes go to hostbillapp.com/changelog/

I’d like to take the opportunity to wish our valued customers and friends Happy Holidays and a Happy New Year from the HostBill team. It’s been an amazing year for us, full of great integrations, major HostBill improvements and a number of great new customers to work with.
See you in 2012!

Overview of new HostBill features

A lot has changed since the last post on this blog – our development yet again gained momentum and we’ve introduced a number of cool new features in HostBill. Let’s take a quick tour of what’s new in HostBill:

Invoice templates

Everything is marketing – even invoices sent to customers. Make sure your invoices stand out! With the new HostBill feature – invoice templates – customizing the HTML & PDF invoices sent from HostBill is really simple! Just use the built-in editor to create your own professional-looking invoice and impress your customers! No programming skills or file edits required! Learn more here.

Translation tags

Now HostBill is the first and only 100% multilingual billing system! Each aspect can be translated to your customer’s native language – product names, email templates, registration fields, form elements, news, knowledgebase & much more! With easy-to-use translation tags you can generate a tag that will be replaced with the value in the visitor’s language – simple as that! Learn more here.

PowerDNS integration

PowerDNS is the best Open Source solution for Managed DNS hosting available. Now with our feature-rich integration you can give your clients the ability to manage their DNS records in a fast and user-friendly way through the billing system interface. Learn more about this integration at the PowerDNS Feature page.

OnApp module re-built

Our integration with OnApp is already known as the best one available, and we’ve decided to make it even better by introducing a fresh client area template and a set of brand new features. Make sure to check our OnApp feature page to learn more about recent improvements.

HostBill Security Patch for 2.X: Critical Security Issue

Dear Clients!
HostBill 2.x security patch.
Last night one of our clients notified us about a potential security threat affecting HostBill versions 2.x, which may allow access to the admin area with a previously stolen session cookie.

Please download this patch as soon as possible: https://hostbillapp.com/clientarea/index.php?cmd=module&module=downloads&file=11
To apply the patch, please extract the archive contents in your HostBill directory, or upload its contents directly to your install (there is only one file that requires overwriting).

We’re not aware of any compromised installation other than the one reported last night.
If you have questions or any concerns please feel free to contact us. We do apologize for any inconvenience.

Note: The 2.8 version download package contains this patch by default from now on. The 2.9 version, which is scheduled for release next week, will also contain it.

HostBill – Multiple possibilities for developers

Want to build a module for HostBill? Not a problem!

We’ve been working recently on DevKits, documentation and examples so you can integrate virtually anything with HostBill now!

What’s possible?
– Hosting/App/Provisioning modules
– Connecting forms with provisioning modules
– Payment Gateways
– Plugins
– Using API
– Domain Registrars
– Custom Product Types (work in progress)

Stay tuned for the next updates – I’m off trying to hook up the coffee machine API with HostBill 😉

Kris