The Hosting Tool Secure?

[raversworld]

So a while back I was using the hosting tool as my billing system because I was strapped for money. In which I found out that there was an exploit that came out prior to an update. My site was hacked using that exploit. This has shaken my beliefs in the security of the script itself. Should I put it back on with the most recent update?

[theraptor]

The MySQL injection vulnerability you are referring (Secunia SA42369)to was kindly pointed out to us by both the finder and Secunia, and was patched in the v1.2.3 release a full week before the advisory was released to the public(the update was released 12-14-2010). The only way you should have been "hacked" by this exploit is if you have not been properly updating your script, which is entirely your fault, as THT reminds you to update every time you view the Admin CP. The only current exploit is a Cross-Site Scripting problem, which has been minimized in the current release (1.2.3) and with the proper security protocols that any webmaster should be following is not really a problem at all (log out of THT Admin CP when you are done with it, do not visit suspicious websites while logged in to the ACP)

As with any script for your website, you should maintain caution and keep in mind that THT was, and is, intended to be used for free hosts. If you are selling hosting to someone, you should make the small investment in a system such as WHMCS, which was designed for that.

[Derek Flahost]

So I assume, it is safe for us to continue to use THT, rite?

[Schmarvin]

So your saying I can't go ahead and hack someone's site? I already reported a few more holes in your system. I think I've reported over a dozen in the past couple of updates.

[theraptor]

Now this is interesting. Where have you reported them to Schmarvin? Certainly not using the Google Code Issue tracker. And not to my email or Kevin's also. And Secunia hasn't added any issues to the advisory database, so if you reported them there they can't be much issues at all. If you have found some security flaws, please report them to me, and they will be patched.

[Derek Flahost]

Schmarvin,
are those holes are critical exploit?
Please share some info.

[techsavy]

Nice, was a good read.

[Schmarvin]

Now this is interesting. Where have you reported them to Schmarvin? Certainly not using the Google Code Issue tracker. And not to my email or Kevin's also. And Secunia hasn't added any issues to the advisory database, so if you reported them there they can't be much issues at all. If you have found some security flaws, please report them to me, and they will be patched.

I did, right when you guys went into development. Not my fault if the issues were marked and removed.

Schmarvin,
are those holes are critical exploit?
Please share some info.

They were at the time.

[schwaface]

Usually, the real legal copy can be pretty safe to serve as a hosting tool!

[Derek Flahost]

Usually, the real legal copy can be pretty safe to serve as a hosting tool!

Explain "real legal copy".
THT is an open source script, so it is a legal copy, no matter how we download it.

[Tc-Ltd]

take it from me
THT is secured we are working with a small hacker team to test security on it
93% is safe
but 7% still need some changement

[deeplist]

93% is safe
but 7% still need some changement

Do you have a source for these stats, or do you only get hacked 7% of the time?

[sander k]

take it from me
THT is secured we are working with a small hacker team to test security on it
93% is safe
but 7% still need some changement

Are you with THT?
Who are you?

[CS Squad]

take it from me
THT is secured we are working with a small hacker team to test security on it
93% is safe
but 7% still need some changement

7% is quite high actually.

[sander k]

I was thinking of installing THT, but nevermind.