Everything posted by PauloV

  1. If you already added the Domain in Blesta->Package in Packages->Browse->Create Package, just add the Domain, if you haven't already added it, on Blesta->Clients->Browse->[Client ID]->[services]->New Service: select the service to add, and on the status select "Active" and do not select "Provision using the xxxx module", and "Continue".
  2. Here are some test tools to detect some of the "shellshock" security:
    http://shellshock.brandonpotter.com/
    http://www.shellshocktest.com/
    Use the above at your own risk.
    Note:
    100% Resolved on Bash Update: https://access.redhat.com/security/cve/CVE-2014-6271
    Still not resolved: https://access.redhat.com/security/cve/CVE-2014-7169
  3. @ Licensecart: Trying to rephrase it again to make "the point".
    Anyone that installs Blesta has the professional obligation to use a separated VPS or Dedicated Server or Isolated Hosting Environment to be able to secure data, and to use the latest stable PHP and MySQL and other security measures. (When I talk about latest stable, I'm not talking about PHP 5.5 or PHP 5.6, but at the minimum PHP 5.3, and not PHP 5.1 or PHP 5.2, which are very insecure compared with the new ones.)
    Or are you trying to say that you have Blesta installed on a non-VPS, non-Dedicated Server or non-Isolated Environment where you can't install/activate the latest stable PHP and MySQL?
    Blesta or any other billing system has to be isolated from the rest of the business or the data is more insecure, and it is our responsibility to have it secured enough.
    For example, if you have a main web site and Blesta, and the main website is for example a popular CMS (Wordpress, Joomla, other), and the CMS doesn't work correctly on PHP => 5.3, then you have to update your CMS or at least put the CMS in another environment to enable Blesta to be installed with the minimum PHP requirements.
    @Paul, @Tyson, @Cody: Please update the minimum PHP requirement (PHP => 5.3) or the competitors and jealous clients will use that argument to attack Blesta Security.
    Blesta is known to be the most clean, secure, and stable; we have to continue to fight to be the best of the best and not lose any reputation.
    It's just my opinion.
  4. +1 If we don't do something, Blesta will not have the "big impact" because of the translations available.
  5. Hello,
    Just to warn all server admins that still don't know about the "shellshock" security risk, to test and update the servers immediately, or else....
    Full details here:
    https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
    http://forums.cpanel.net/f185/bash-code-injection-vulnerability-via-specially-crafted-environment-variables-cve-2014-6271-a-429671.html
    https://www.webhostingtalk.com/showthread.php?t=1414839
    https://access.redhat.com/articles/1200223
    The fix still doesn't fix 100% of the problem, but helps:
    100% Resolved on Bash Update: https://access.redhat.com/security/cve/CVE-2014-6271
    Still not resolved: 100% Resolved on Bash Update: https://access.redhat.com/security/cve/CVE-2014-7169
    Fix for CVE-2014-6271 and CVE-2014-7169
    On SSH execute the following.
    For Red Hat Linux Distros or CloudLinux just do this:
        yum clean all
        yum update bash
    For Ubuntu/Debian do this:
        apt-get update
        apt-get upgrade
    To check if you are running the latest Bash, do this:
        rpm -qa bash
    You don't need to reboot the server.
    You have to have in Red Hat 6 at least version 5.2 of bash.
    Don't ignore this or you will get real nightmares.
    =====================
    Here are some test tools to detect some of the "shellshock" security:
    http://shellshock.brandonpotter.com/
    http://www.shellshocktest.com/
    Use the above test links at your own risk.
    =====================
  6. Think this way:
    1º- Who uses a sophisticated automated billing system like Blesta?
    Re: IT Managers, Hosting Companies, DataCenters.
    2º- Who the hell in point 1º doesn't want to use a stable, up to date PHP and/or MySQL version, even if they don't use CloudLinux, Interworx or other?
    Re: No one, only non-professional businesses or kiddies that don't know how to really manage a Hosting business want that.
    There is no reason that you can tell me to convince me to use an outdated PHP and/or MySQL version.
    We do professional business, don't you?
    Everything is insecure, I repeat, everything, even latest PHP 5.6 or MySQL Latest, but if you use the
    A person that buys Blesta is a person concerned with client data, so they have to use security to prevent future problems.
    I'm not telling you this for you to get me wrong, just to make a point.
  7. I'm talking about PHP and not MySQL; MySQL is another story, a bit more complicated because of character map storing.
    Also, using Interworx you can in one click change the PHP version on the fly without breaking anything.
  8. Just require a minimum, like PHP 5.3.X for now, and next year change to minimum 5.4.X etc.. I think this way you will get positive feedback.
    The problem is PHP 5.1.X is more insecure than > 5.2.x etc..
    For me personally it doesn't hurt using PHP 5.1.x as minimum, but for more technical cases, using such an outdated minimum version will be a decision maker.
    People want Security first these days, so they don't mind using a separated VPS or Server to install the minimum required PHP version to install Blesta.
    If I had bought Blesta today, and Blesta told me that it needs PHP 5.6 minimum, I'd prepare a server or VPS or hosting account with the minimum of PHP 5.6 because it is more secure.
    Just post on Blesta features and advantages that the requirement of using PHP 5.x.x is because it is more secure than others.
    Just for fun: make a video on billingbrawl.com comparing PHP minimum requirements. Who will win this time? Think about it.
  9. CloudLinux/BetterLinux/Interworx help with this problem, because we can choose what version of PHP to use without affecting the whole server.
    I don't think shutting down 5.2 will hurt, and this way you can move forward like the other billing competitors. (You know what I'm talking about, the "other" that will require PHP 5.3.7 minimum and MySQL 5.1 in the next release.)
    I can also say, only Blesta uses as minimum < PHP 5.3, all others are using => PHP 5.3, so Blesta cannot stay this way.
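A local check for the two CVEs named in the post above, as an added example that is not part of the original post: it probes only the bash binary on the machine it runs on and reports the installed package version. The function names, marker string and temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Probes only a local bash binary;
# the marker string and temp directory are constructed for this check.

# CVE-2014-6271: a vulnerable bash runs the command that trails a function
# definition imported from an environment variable.
check_6271() {
    out=$(env 'probe=() { :;}; echo SHELLSHOCK_MARKER' "$1" -c ':' 2>/dev/null) || true
    case $out in
        *SHELLSHOCK_MARKER*) echo "vulnerable" ;;
        *) echo "not vulnerable" ;;
    esac
}

# CVE-2014-7169: the incomplete first fix still mis-parses this definition and
# writes the output of "date" into a file named "echo" in the working directory.
check_7169() {
    tmp=$(mktemp -d) || return 2
    ( cd "$tmp" && env 'X=() { (a)=>\' "$1" -c 'echo date' >/dev/null 2>&1 ) || true
    if [ -e "$tmp/echo" ]; then verdict="vulnerable"; else verdict="not vulnerable"; fi
    rm -rf "$tmp"
    echo "$verdict"
}

# Installed package version, using the package managers the post names.
bash_pkg_version() {
    if command -v rpm >/dev/null 2>&1; then rpm -q bash 2>/dev/null
    elif command -v dpkg-query >/dev/null 2>&1; then dpkg-query -W -f='${Version}\n' bash 2>/dev/null
    else echo "unknown"; fi
}

# Print one line per check for the given binary (default: bash found on PATH).
report() {
    target=${1:-$(command -v bash || echo /bin/sh)}
    echo "binary:        $target"
    echo "package:       $(bash_pkg_version || echo unknown)"
    echo "CVE-2014-6271: $(check_6271 "$target")"
    echo "CVE-2014-7169: $(check_7169 "$target")"
}

report "$@"
```

Pass a path as the first argument to check a bash binary other than the one on PATH, for example a copy inside a chroot or container image.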
  10. PauloV

    Release 3.3.0

    Great timing. We hope next week to release our updated plugins and modules for 3.3.
  11. File decoded. I have sent you a PM on this forum. I have detected the injection and the URL, which you will be able to find easily.
  12. I have sent you an email regarding this, asking you for one thing. Thanks
  13. Blesta APP is already online on the Android Store: https://play.google.com/store/apps/details?id=com.blesta.app
    For iOS (iPhone/iPad) (Apple Store) we have already submitted, but it takes more or less one week; I will post when it is approved.
  14. Every tool we tested didn't decrypt the file. I think it is encoded with the latest ionCube encoders, and we only support IC <=7 and PHP <=5.3 to decode; we will try to get the latest decoders and post back.
  15. If you want, we can try to decode it; we have some powerful decoding tools.
  16. We have successfully made a plugin to add Menu/Links to Client Area and Admin. Because of the new Blesta 3.3, we are waiting for the release of the Stable version to release the Plugin: http://www.blesta.com/forums/index.php?/topic/3031-blesta-bookmarks-plugin-comming-really-soon-p/?hl=blesta+bookmarks
  17. I have not received it to peek at the code. If anyone uploads that file, what does it do? If we "fingerprint" the code we can try to see the source of the malware (underground forums, blogs, IRC, etc..) and know who is responsible for this.
  18. Has anyone already tried the iOS APP on iPhone or iPad? If so, how does it feel? Only next week will we purchase an iPhone and iPad to test/debug.
    P.S - We are planning something "big", never seen in any Billing System, for Blesta Owners for Mobile Devices. (I'm also curious how the naja7host mobile app will work with the Blesta API connection.)
  19. My first concern is Backups. For example, Blesta Backups only back up the DataBase, so if we have any problems we can upload the DataBase but never recover the PDF Cached Invoices (yes, we do daily offline backups of files, but we never know the day after tomorrow).
    I love CORE-923, but what about the case that Blesta doesn't find the Cached File, or for example a corrupted PDF Invoice? It's better to store the Client Details in the DataBase, because we sometimes need to access the data on the Blesta API to search Invoice Details, to find an invoice to resend, or to consult details.
  20. Hello,
    For some time we have been thinking of a way to add a function to finally make Merge Clients work, and we faced some problems, like for example "Modules" and "Plugins" that each fetch the Client ID in their own way, and we cannot track each way they work.
    So, maybe add a special function to Modules/Plugins to do this job, and return the current or new/merged client ID; this way it will always tell the correct ID, and we don't need to fetch the Client ID from the DataBase like we do right now.
    First, add a new database Client Field called for example "merged_ids" that will store as an array all Client IDs that are merged into it; also add a new "Client Status" called "Merged", and if this status is active, it tells Blesta this client is no longer active and is merged into a new Client ID.
    So the new function will always first check if the Status is not "Merged", and second will check if any ID that we are looking for is not in "merged_ids", and then it will return the correct user ID to that Module/Plugin to associate the DATA.
    Any thoughts on how it will work?
    I think it's better to start thinking now, because later it will be very difficult for us developers to correct all Modules/Plugins that we are working on, and it will break if "Merge Client" is on the run.
    Thanks, PV
  21. Hello,
    We are almost ready to go into Production and migrate from WHMCS to Blesta 3.3, but it needs some more tweaking for future purposes.
    We realized that Client Details (Name, Address, Phone, VAT ID, Custom Fields) are not Hard Stored in a "Final Invoice". For example, if a client changes some data, it will be reflected on a newly downloaded Final Invoice, and for legal purposes that can't happen when it's a final invoice.
    My suggestion is to store all details in an Array in a new field in the invoices table, and retrieve them from there only if it's a final invoice.
    Another example is "Merge Client", which is not finished yet, but it can fix this problem also if the Data is stored in the Invoice Database.
    Keep up the great work.
  22. Re: You can still see the Accepted Orders by clicking on Billing->Overview->Accepted. We hope Blesta also adds the Widget on Client Overview in Blesta 3.3 Stable, to track them easily.
    Re: Maybe you are confusing things. Recurring Invoices only show if you manually create an Invoice with the option for "Recurring" payments. Packages that you have created, and clients have purchased, are always "Recurring" (if you set them up to not cancel), but they do not show under "Recurring Invoices" because it's not a "Recurring Invoice" but a "Recurring Package".
    A little confusing, but it makes sense.
  23. Yes, it supports it. You can configure it in Blesta admin on Settings->Billing/Payment->Invoice Customization.
    The new Blesta 3.3, which is now in Beta Test, will also support the Pro-Forma and Prorata Invoice system; they hope to release Blesta 3.3 stable in a few days.
  24. Finally an iOS (iPhone/iPad) version is available.
    iOS applications are more complex to deploy than Android. For example, for an Android Application you need an Android Developer licence that is only $25 USD and you can immediately deploy; for iOS (iPhone/iPad) you also need a developer licence, and it costs $99 USD per year, and it needs some complex steps to be able to deploy, like generating app profiles with a Cordova Certificate to deploy the final certificate, and authorizing some devices if you are deploying for Dev, or Public devices.
    After we submitted for iOS developer, it took 1 week to approve, after a real phone call from an Apple staff member to confirm that I'm a real company; after that it was pay the yearly license, and start the debugging to deploy the APP.
    After 2 days and almost 12 hours of test/error, test/error lol, we finally understand how to correctly deploy an iOS APP with Cordova.
    No more words, download the iOS Blesta APP from here: IOS Blesta APP Updated (21-09-2014)
    How to Install on iOS (iPhone/iPad)
    1- Download the APP: Blesta IOS APP here (Updated 21-09-2014)
    2- Uncompress.
    3- Open iTunes.
    4- Select the Apps section on the left.
    5- Drag your application to the applications list.
    6- Select your device in the left hand pane.
    7- Select the Apps tab.
    8- Make sure both the Sync checkbox and the application are selected.
    9- Hit the apply button.
    10- Your application should be installed on your device.
    Hope you like it. (For now we don't have an iOS device to test it; we will purchase one for developer purposes next week.)
    P.S - If Blesta authorizes it, we can publish this simple APP in iTunes and Google Play Store for free.