  1. #1
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294

    HostBill - Security Update Issued

    So we were working through endless change logs and RSS feeds and we picked up a security update from HostBill:

    Version: 06-11-2013
    Security Fix
    Possible SQL Injection vulnerability discovered.
    No further information was provided, but it's highly advised that you update if you have not already.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  2. #2
    Join Date
    May 2003
    Location
    San Francisco, CA
    Posts
    1,481
    For our US friends, that's November 8th not June 11th. That caught me off guard for a moment.

  3. #3
    There is also this. Rumors of exploits in HostBill's website.
    http://www.hostbillforums.com/index.php?topic=567.0

  4. #4
    Quote (originally posted by Jay H):
    For our US friends, that's November 8th not June 11th. That caught me off guard for a moment.
    Us too

  5. #5
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    Quote (originally posted by Jay H):
    For our US friends, that's November 8th not June 11th. That caught me off guard for a moment.
    Yeah.

    We overlooked it initially thinking it was the same thing then realized they (apparently) changed from version numbers to dates in the DD-MM-YY format... what a stupid idea, if you ask me.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  6. #6
    Quote (originally posted by Steven):
    There is also this. Rumors of exploits in HostBill's website.
    http://www.hostbillforums.com/index.php?topic=567.0
    They might want to reach out to that user before the localhost guy decides to poke around.

  7. #7
    Join Date
    Jun 2010
    Location
    Northern Virginia
    Posts
    1,986
    Quote (originally posted by Steven):
    There is also this. Rumors of exploits in HostBill's website.
    http://www.hostbillforums.com/index.php?topic=567.0
    Keep in mind, that is not an official HostBill forum.
    ██ KVM SSD & SATA VPS | Dedicated Servers | Colocation
    ██ Managed and Self Managed Servers | North Carolina, Washington D.C, London and Texas Data Centers
    ██ www.bigbrainglobal.com | Big Brain Global Networks

  8. #8
    Quote (originally posted by BBGN Brian):
    Keep in mind, that is not an official HostBill forum.
    Of course? I did call it a rumor after all.

  9. #9
    Quote (originally posted by Steven):
    Of course? I did call it a rumor after all.
    Right, but that forum is not owned by HostBill.

  10. #10
    Quote (originally posted by BBGN Brian):
    Right, but that forum is not owned by HostBill.
    And what makes you think I don't know that? I don't know if you follow what we do, but we follow the industry pretty closely.

    Again, I will repeat: it is a rumor. The forum being owned by HostBill or not is completely irrelevant. If there is any legitimacy to the rumor, who cares who the owner of a forum is? If the rumor is true, regardless of the forum owner, then there is a risk of every user of HostBill being compromised, since they do auto-updates through the admin panel. If the HostBill infrastructure is compromised, someone could push out a compromised update.
    Last edited by Steven; 11-09-2013 at 12:43 AM.