WHMCS Latest Exploit -- Will You Keep Using WHMCS?

H

HN-Alejo

New member
So this marks the second time that WHMS has gone to a conference and a 0 day exploit has been released for their software. It's clear that WHMCS has yet to take security seriously (e.g. having Rack911 check their code for exploits).

Putting my trust in this company is getting harder and harder. Does anyone still like WHMCS? Will you keep using it?

I just feel like these exploits are getting out of hand. I've lost count of how many times I have had to nervously apply a patch (which inevitably breaks more) as a result of Matt's crappy software.
 
yes its getting worse

http://blog.whmcs.com/?t=79427 - Posted by WHMCS Chris on Thursday, October 3rd, 2013

http://blog.whmcs.com/?t=79527 - Posted by Matt on Sunday, October 6th, 2013

http://blog.whmcs.com/?t=80206 - Posted by Matt on Friday, October 18th, 2013

http://blog.whmcs.com/?t=80223 - Posted by Matt on Friday, October 18th, 2013

and i wonder what happened to new releases every 6 weeks as promised.

It seems that Matt spends more time playing with his new cPanel pals at these overseas conventions
 
Last edited:
It seems like every few days there is a new "emergency patch" and I must drop whatever I am doing to attend to WHMCS.

Honestly, it's like dealing with developers who are distracted by attending these conferences and not interested in improving their product.
 
We have too much time and money tied up in WHMCS and various modules. Have been considering signing up as an official reseller, but dont what to place any of our clients through the hassle of all these patches, while WHMCS staff play away with cPanel
 
I'm just glad that we stopped offering clients free whmcs licenses with their reseller accounts!
 
The problem is, we need something that is as good as whmcs, and doesnt mess around with there pricing, i mean hostbill was good, and they mess with the pricing all the time, nobody seems to want to touch it...
 
easyhostmedia said:
We have too much time and money tied up in WHMCS and various modules. Have been considering signing up as an official reseller, but dont what to place any of our clients through the hassle of all these patches, while WHMCS staff play away with cPanel
Click to expand...

If I remember correctly, they did away with their reseller program, most likely because they weren't making enough money and would rather just sell everything themselves... which is alright... their business, their choices.

wise said:
I'm just glad that we stopped offering clients free whmcs licenses with their reseller accounts!
Click to expand...

I would've loved to do this, but for us to basically support WHMCS because we'd be reselling it, wasn't worth it to us. There are too many customers that we've had in the past that want support for things like WHMCS and others, that we don't cover. We do our best, but since it is not our software, we don't provide full support.

private_html said:
The problem is, we need something that is as good as whmcs, and doesnt mess around with there pricing, i mean hostbill was good, and they mess with the pricing all the time, nobody seems to want to touch it...
Click to expand...

Unfortunately, there seems to always be price changes for software, partly because the companies producing it are greedy and want more money stuffed in their pockets.
Again, that's their decision, but they drive potential customers and existing customers away... I know I wouldn't want to continuously have to change the amount I was paying every now and then for a software like that... I'd prefer to sign-up for flat rates that don't change.
 
The issue is its generally a good piece of software and works well but they occasionally have issue. Do you jump ship and get what? For the time being we are are with it.
 
Luckily this company is providing fast patches to their customers. I've used software where tons of users report a bug and nothing gets done about it. It's kind of nice to be this big as there are people actively trying to hack the program, which allows them to patch it. it may be harder for a developer of a lesser known product to find an exploit like this.
 
As @Stream101 said, it's lucky they are patching so fast otherwise much more could get out of hand. The software itself is a very good 'bang for buck' but they have not done all the security components to their best as of yet.

My personal control panel and management preference would be Ubersmith, I have worked with them for a while and they are truly outstanding (especially when you have it connected to OnApp, it runs as smooth as a cloud! - No pun intended!). Overall it's up to you whether you switch of give them another chance.

All the best,
Jordan F.
 
We actually got hit by one of the exploits. Thankfully all of our security layers prevented them from getting very far, however I do call into question on why they waited so long to inform clients there was a publically disclosed exploit. They should have sent out a notice saying an exploit was posted publically so we could be on the alert for suspicious activity, as well as they develop a patch as quickly as possible.

We got the notice of a security issue at 330am EST GMT-5 and it went to my personal email address rather than the support. As I was out of town due to it being a weekend, I didn't get the notice in a timely fashion. Very disappointed in their notifications of issues, it was something I had hoped cPanel would have corrected with them.

Seeing how there are no other comparable billing systems out there, we are stuck. Ubersmith from my understand no longer has a "lite" version of their software, nor do they do owned licenses. Plesk used to have a billing system however it seems its gone or has been transformed into something else. Whats left, Hostbill and ClientExec? We moved from ClientExec because we outgrew it, and the devs were slow in adding requested features.

We've reviewed Hostbill and it would not fit our needs due to its pricing structure as well as limitations. Don't get me wrong, I understand alot of work goes into making a billing system, but any time you design software that can potentially handle sensitive personal and financial information, security and encryption need to be at the forefront of your development process.
 
@agentblack take a look at CE 5.0 there are some very nice features coming out especially if chat is important.

We still run with HB, luckily we got in before the pricing went crazy, and so far it is doing a good job for us (although we do have a few niggles) ..
 
wise said:
@agentblack take a look at CE 5.0 there are some very nice features coming out especially if chat is important.

We still run with HB, luckily we got in before the pricing went crazy, and so far it is doing a good job for us (although we do have a few niggles) ..
Click to expand...

We still own our owned license of ClientExec but it's lacking in alot of ways. One of our biggest complaints is that it doesn't interface to our domain name registrar. We had been asking for that for several years and kept getting told it's coming, with it still not being added through several updates.
 
yes the v4 versions of CE was lacking, it does look like they are putting a lot of work into v5, time will tell if its of substance or gloss! Should go into beta in the next few weeks I think. If CE arent building your registrar module, shouldn't cost much to hire a programmer to copy one of the existing enom or logicboxes etc and modify it for your own?
 
Then be out that money when the module releases from ClientExec, plus have to keep paying the dev to update it when CE changes something? Doesn't make very smart business sense.
 
agentblack said:
Then be out that money when the module releases from ClientExec, plus have to keep paying the dev to update it when CE changes something? Doesn't make very smart business sense.
Click to expand...
if you turn over enough domains it would be worth it, especially if CE have still not created it for you. Was just an idea :)
 
Surely WHMCS will have to take security seriously beforw long, its such a great script for web hosting use and selling products with so many features and so easy to use. I would change to a more secure script but I cannot find one that matches WHMCS for features and usability at the same low prices.
 
You must log in or register to reply here.

Supporters

Back
Top