This doesn't seem right


webguy2

You give us a security update, because of an error in your coding.

Now I am locked out of my admin area unless I pay for an annual "support and updates" fee.

 

New versions with additional features and/or responses to support request...yes, that is worth asking for more money.

 

Problem is....if we don't update, we have a security problem with your application.

 

Not that it changes the situation, but why was I not informed of this before I applied the security patch?

 

 

This doesn't seem right.


When you buy the product it says "1 year of updates included". Why do you think it says that? How much more clear can they make it?

 

This is a security patch. They are fixing their insecure code which is their fault. It is not enhancements, new features or support tickets. In that case you would be right. If they want me to renew, they should do it by convincing me it is a solid and secure product. Currently this is not the case with all the recent security flaws and that's why I am not planning to renew and I am looking for other alternatives now. This code should already be secure in the first place. If it is not, they should fix it free!

Edited by NovemberRain

They are not answering my support tickets...

I can't even go back to any version as they are all vulnerable.

 

 

 

 

Security Status Update

 

 

As you may be aware, a security issue has been published which affects all known versions of WHMCS.

 

We are currently aware of the issue and are working on a software update to prevent this attack vector from being successful.

 

We will be publishing software updates for the versions in Active Development and LTS per our Long Term Support Policy:

 

http://docs.whmcs.com/Long_Term_Support

 

Please keep watch on our blog, Facebook and Twitter to receive the latest updates.


Then why am I locked out of the admin area?

I submitted a ticket hours ago.

 

I really do like the program and I appreciate the effort I know it takes to create, but this is a PITA, as is having to install the updates/security fixes. (I won't go into how many we've had to do in the past 2 months).

 

I suggest an automated system to remotely update core files, see Joomla or WP.

They already have us connecting to their system remotely when we log in.

 

Separate security fixes from updates/enhancements.

 

- - - Updated - - -

 

No reply from them yet, but now I can log in.

 

Thank you.


I wouldn't patch a live production environment without first trying it on a dev install. It would prevent you from being "dead in the water" after applying a patch like this. It's always good to test first (even a quick test), to make sure it doesn't break your specific implementation of the software. Otherwise, you patch, it breaks, then you wait for hours until someone responds to fix it.


So to recap...

 

 

  • People are moaning that there are security issues and demand they get fixed
  • WHMCS do the right thing and get a security audit done
  • Users upgrade and moan that they need to pay (god forbid) for the patches/upgrades
  • They then waste time posting on the forum about how terrible their life is
  • They don't run a dev install to make sure the patch actually works

 

If I was in WHMCS's position I would make any upgrade, security or otherwise, part of the support contract. If people can't/won't pay the equivalent of $2 per month to run their business then that is their problem.


  • 4 weeks later...
So to recap...

 

 

  • People are moaning that there are security issues and demand they get fixed
  • WHMCS do the right thing and get a security audit done
  • Users upgrade and moan that they need to pay (god forbid) for the patches/upgrades
  • They then waste time posting on the forum about how terrible their life is
  • They don't run a dev install to make sure the patch actually works

 

If I was in WHMCS's position I would make any upgrade, security or otherwise, part of the support contract. If people can't/won't pay the equivalent of $2 per month to run their business then that is their problem.

Agreed 100 percent.


I wouldn't patch a live production environment without first trying it on a dev install. It would prevent you from being "dead in the water" after applying a patch like this. It's always good to test first (even a quick test), to make sure it doesn't break your specific implementation of the software. Otherwise, you patch, it breaks, then you wait for hours until someone responds to fix it.

 

I don't understand this. I used to do this. I have a separate site dedicated just to the development of my site, - Link Removed, no need for it here - and I can update my site here, apply the patch, and do my testing, but when I do this same process on my live site, I have run into problems! Uploading files, etc.

 

The best way is to do a FULL backup of your site, then update the live site. If you have any problems, you always have that FULL site backup to fall back on!

 

Testing your update on a dev site is not always a guaranteed problem solver!

Edited by Infopro
Killed Useless Link

This is probably a complaining thread of a user-customer and not a developer. Because you should know that there isn't any script/OS or other app that is fully secured. Every day a new security hole pops up and new patches/fixes must be made.

 

So, you should always have ways to recover from any problem with your site/app or other online service you have, in case you have a problem or a third person causes you one.

 

A testing environment is a must, like backup/restore features.
