
The Hosting Tool Secure?

FeediaCo

Active Member
So a while back I was using The Hosting Tool as my billing system because I was strapped for money. I found out that there was an exploit that came out prior to an update. My site was hacked using that exploit. This has shaken my beliefs in the security of the script itself. Should I put it back on with the most recent update?
 

theraptor

Active Member
The MySQL injection vulnerability you are referring to (Secunia SA42369) was kindly pointed out to us by both the finder and Secunia, and was patched in the v1.2.3 release a full week before the advisory was released to the public (the update was released 12-14-2010). The only way you should have been "hacked" by this exploit is if you have not been properly updating your script, which is entirely your fault, as THT reminds you to update every time you view the Admin CP. The only current exploit is a Cross-Site Scripting problem, which has been minimized in the current release (1.2.3) and, with the proper security protocols that any webmaster should be following, is not really a problem at all (log out of THT Admin CP when you are done with it, do not visit suspicious websites while logged in to the ACP).

As with any script for your website, you should maintain caution and keep in mind that THT was, and is, intended to be used for free hosts. If you are selling hosting to someone, you should make the small investment in a system such as WHMCS, which was designed for that.
 

Schmarvin

Cross Industries
NLC
So you're saying I can't go ahead and hack someone's site? I already reported a few more holes in your system. I think I've reported over a dozen in the past couple of updates.
 

theraptor

Active Member
Now this is interesting. Where have you reported them to, Schmarvin? Certainly not using the Google Code Issue tracker. And not to my email or Kevin's either. And Secunia hasn't added any issues to the advisory database, so if you reported them there they can't be much of an issue at all. If you have found some security flaws, please report them to me, and they will be patched.
 

Schmarvin

Cross Industries
NLC
I did, right when you guys went into development. Not my fault if the issues were marked and removed.

Schmarvin,
are those holes critical exploits?
Please share some info.
They were at the time.
 

Tc-Ltd

New Member
Take it from me:
THT is secured. We are working with a small hacker team to test security on it.
93% is safe,
but 7% still needs some changes.
 

CS Squad

cs-squad.net
NLC
I was thinking of installing THT, but nevermind.
You are a host that has income, so I think it is best if you use one of those paid scripts which have commercial support.
But anyway, I still think THT is good for new hosts which do not yet have income, and for P2H hosts at the moment.
BoxBilling is still an immature project, with still a lot of issues. So at the moment, THT is still the most appropriate choice for these new hosts and P2H hosts.
 

sander k

Well-Known Member
NLC
I am about to start a post2host. We will probably open after I come back from India and Nepal.
Is there a good (paid) alternative? It needs some kind of post2host module compatible with vBulletin 3.8.7.
 

CS Squad

cs-squad.net
NLC
For P2H, as far as I can see, the best is still THT.
LOL
Other than THT, I don't know of any scripts that can do P2H.
I heard that iPanel can do P2H, but I'm not sure about that. We need those who have used iPanel before to verify this.
 

theraptor

Active Member
iPanel does P2H, but iPanel has not been very good lately for a variety of reasons. There is also an addon for WHMCS that does P2H and costs around $10. However, this addon is still new and, while it works, it is not pretty (think invoices & payments of $0.00 showing up every month for every P2H client). Your best bet is probably to use WHMCS for paid clients and THT for P2H only, with the following precautions:

1) Require "Signup Posts" - this makes the user post their first month in advance.
2) Require admin approval for all clients/orders.

Also, I'm not making any promises at all, but you could see 1.2.4 by the end of the year. That date could change at any minute though, so don't bet on it.
 