VN-Ken Posted January 28, 2008 Share Posted January 28, 2008 I am wondering what measures WHMCS is taking to further secure their product... I have heard that the backend WHMCS coding is not secure, and I would like an official statement from WHMCS about this, if they really care about the sensitivity of this matter. Link to comment Share on other sites More sharing options...
WHMCS CEO Matt Posted January 28, 2008 WHMCS CEO Share Posted January 28, 2008 Hi Ken, As you should have seen in our announcement earlier this month, our server was compromised at the beginning of the year and resulted in a number of malicious files being added into our client area downloads for WHMCS. This was not a result of a WHMCS vulnerability and indeed we don't use WHMCS for our own client area as we have a need for license management there which WHMCS doesn't do. However, in addition to that, some vulnerabilities have been identified in the current WHMCS version relating to SQL injections. At WHMCS we take security very seriously and as a result, in V3.6 we have modified all the affected queries to secure them and prevent the risk of SQL injections occuring. We have also taken several furthur steps to add security in the V3.6 version such as checks to ensure the install folder is removed before use, sanitizing previously missed variables, email notifications on every failed admin login attempt, checks on language files before inclusion and other various updates and enhancements. V3.6 has been out in Beta for the past week and is nearing completion of that stage so is soon to be released as stable. When that time comes an announcement will be made via email. Matt Link to comment Share on other sites More sharing options...
Recommended Posts