Turnstile – new alternative to Captcha
Use new, smart CAPTCHA alternative – a Turnstile widget by Cloudflare, now integrated with HostBill! In today’s release we’re also introducing bulk cancellation requests. Read on for details!
A lot of news this week! Three new modules to start with: Seafile provisioning module to sell Seafile accounts, Phone.com notification module and hCaptcha plugin. Read on to find out more!
This week new in HostBill: U2F/Yubikey authentication module, bulk domain transfer feature, update to PDU SNMP module and more!
This week in HostBill we’re presenting a new plugin that adds an extra measure of protection to your HostBill admin and/or client areas: Authy 2FA.
Want an extra layer of protection for your admin or client area? Use CryptoPhoto two-factor authentication via crypto images!
We’ve just released a security update for HostBill in response to a potentially dangerous XSS vulnerability. Severity depends on server configuration. As we take security very seriously, we cannot leave our users at risk.
As of 25th May 2018 the General Data Protection Regulation comes into force. At HostBill we have always been committed to data privacy and security and we have taken all necessary steps to ensure GDPR compliance.
We’ve just released a security update for HostBill in response to a potentially dangerous XSS vulnerability.
Applying update
To apply the security update, please download and update HostBill to the latest 2013-12-14 version.
You can also use our auto-upgrade plugin to perform this automatically.
Upgrading to new version: https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/491585/Upgrading+to+new+version
Using auto upgrade plugin: https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/491588/Auto-Upgrade+plugin
We believe that this vulnerability is not known to the public. Its severity depends on admin area protection.
KBKP Software always encourages our clients to take extra steps for protection:
https://hostbill.atlassian.net/wiki/spaces/DOCS/pages/1212438/Security
Big thanks to team Rack911 (https://www.rack911.com/) for identifying and reporting this problem.
In the last couple of hours we’ve released a patch for HostBill versions 4.x, available from the auto-update plugin and for direct download from:
https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.4_4347.zip
To apply the patch manually, please extract the archive contents into the main HostBill directory.
We strongly recommend upgrading to the latest HostBill version (4.6.4 – archive also contains patched files)
Patched vulnerability
We’ve been notified about a brute-force attack that logged-in customers could perform against other clients’ accounts.
A patch was introduced immediately for the auto-upgrade feature.
We’ve been notified about a dangerous security threat found in one of the HostBill files.
Severity depends on server configuration. We cannot leave our users at risk – we take security very seriously.
Download the patch from here: https://hostbillapp.com/clientarea/patches/hostbill_patch4.6.0_4324.zip (for versions 4.4.0 and up)
Please extract this patch into the main HostBill directory. It is also available in the auto-update plugin.
Version 4.6.0, available in the downloads section, has also been patched, so if you’re using an older version it’s advised to upgrade to the latest version.