The thread on WHMCS security issues has brought up an interesting question:

What is the most secure billing and automation software available to small web hosts? Ubersmith Lite, AWBS, ModernBill, or ClientExec?

Features aren't the most important thing to us; security is.

don't forget WHMAutopilot

don't forget WHMAutopilot

I try too. ;)

Well, in the case of WHMCS, it wasn't an issue with the software itself. I'm of the opinion that most of the billing software out there is fairly secure. You don't typically here of many exploits at all. When you do, as with the WHMCS issue, you tend to hear about the fix before you hear about those who are exploited.

This is an industry where your security reputation is everything. I don't think any product can afford to be lax in that arena.

Also, I think you'll be challenged to find anything that's 100% secure in this industry. It ultimately depends upon who wants to get in.

ModernBill is better and AWBS is worse than others according to me. Because many bugs occurred frequently. But all of the providers fix the issues by updating softwares quickly.

WHMCS was exploited but to my knowledge, security wise was not effected. They had a breach to their server and the ioncube encryption used on the code was broken but I don't think this will effect any of their current users. It is sad that this happens to many in this industry.

If people can hack into the CIA or FBI, what makes you think that these same malicious individuals can not hack into a web hosting site / server. It can happen to anyone at anytime.

I continue to wish Matt the very best and I know for certain that he has one of the top billing systems in the current market along with Ubersmith and the ultimate all-in-one solution, H-Sphere.

I personally think WHMCS is the best out currently. Modern Bill seems to be having more and more problems and is nowhere near as user friendly as the others.

AWBS i dont know enough about to comment on.

WHMAutopilot is okay, but i find WHMCS easier to install, update, integrate, and easier on the end user. It also looks better.

WHMCS seems to always be on top of things and i think this recent issue will just push them to make an already great solution better and more secure.

Despite the recent event i dont think i could think of a better solution than WHMCS.

Fan of WHMCS myself but as far as security goes there are so many things that can go wrong or be exploited that all of the systems have most likely had issues at one time or another. Not at the fault of the system itself, but these systems rely on external packages as well, sql, apache, php, whatever.. It's the user's responsibility to ensure that all packages and open services on the server are kept updated which is where most of these problems come from.

Fan of WHMCS myself but as far as security goes there are so many things that can go wrong or be exploited that all of the systems have most likely had issues at one time or another. Not at the fault of the system itself, but these systems rely on external packages as well, sql, apache, php, whatever.. It's the user's responsibility to ensure that all packages and open services on the server are kept updated which is where most of these problems come from.

UH?

Security issues in PHP applications comes almost always as a result of the application not something it's running. Not validating input coming in is a common issue. Others include remote include vulnerabilities so that outside php scripts can be put on the server.

These billing systems all encrypt pretty much everything so it really is a good way to help protect themselves. But as we're seeing with WHMCS when the code is out there in the open it is not pretty. So I think switching to another system is not going to do you much good as that code will end up showing up on the internet as well.

UH?

Security issues in PHP applications comes almost always as a result of the application not something it's running. Not validating input coming in is a common issue. Others include remote include vulnerabilities so that outside php scripts can be put on the server.

These billing systems all encrypt pretty much everything so it really is a good way to help protect themselves. But as we're seeing with WHMCS when the code is out there in the open it is not pretty. So I think switching to another system is not going to do you much good as that code will end up showing up on the internet as well.

Yes... I was referring to other software utilized on the system, not the billing software itself. I agree that the most common way these billing systems are exploited is through injection vulnerabilities or exploitation of sloppy coding. But, in addition the supporting software has to be kept updated as well or it's just another avenue to get in through the front door..