Jump to content
  • 0

Blesta Website

Biscuit1001

Asked by Biscuit1001,

 Share

Question

Biscuit1001 Newbie

Biscuit1001

Posted
Posted

I considered Blesta a couple years ago and decided against it, though I couldn't remember why, but there was something that really put me off then. I think I may have just found what it was.

 

Looking at the source code of your own site, which runs WordPress

<meta name="generator" content="WordPress 3.4.2"/>

I thought, wow, there's no way they could be running such an old, out-dated and unsecure version of WordPress...especially with all the focus on the security of the Blesta software. I realize the two could very well be mutually exclusive, but it's not a good sign.

 

I went to Sucuri to do a site check, and I urge you to do the same:

 

http://sitecheck.sucuri.net/results/www.blesta.com

 

post-3993-0-64161500-1382752096_thumb.pn

 

post-3993-0-29684900-1382752406_thumb.pn

 

Malware is found specifically in the resellers section.  Malware entry: MW:EXPLOITKIT:BLACKHOLE1

 

I've never found Sucuri to be wrong, but I'm not ruling out that possibility. According to Sucuri you ARE running WordPress 3.4.2. PLEASE tell me that's not true, that Sucuri is somehow wrong. Because if it is true... with all due respect you have no room to be criticizing any other billing systems' code. Running such an outdated install of WordPress is beyond a rookie mistake.

 

Again, let me make my position clear: I'm really hoping this IS a false positive or in error. According to Google, your site is clean.

 

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=blesta.com

 

Sucuri may possibly be making assumptions based on the severely outdated WP Generator tag left behind (though that in itself is a boneheaded move...sorry, but it is).

11 answers to this question

Recommended Posts

  • 0
cloudrck Newbie

cloudrck

Posted
Posted

If you knew how to decode/unobfuscate javascript or malware, it would take 10 seconds to realize it's to encode their email address from spam bots. You can't depend on automated webapps for reliable malware scanning. They are only good at giving unexperienced people a false sense of security.

 

 

 

 

Sucuri may possibly be making assumptions based on the severely outdated WP Generator tag left behind (though that in itself is a boneheaded move...sorry, but it is).

 

Explain.

 

 

http://w3techs.com/sites/info/blesta.com

 

WordPress 3.4.2
(77% of sites use a newer version)

 

PHP 5.3.3
(47% of sites use a newer version)

What's signifcant about this data?

  • 0
MemoryX2 Newbie

MemoryX2

Posted
Posted

You're most welcome. Thank you for the tone of the response...that's all I need to know. And yes, rookies. Leaving a 3.4.2 generator tag in the WP code, total rookie move.

 

I honestly can't see why it matters. Their busy writing awesome software that works fantastically, who cares if they update their WordPress generator tag?

  • 0
cloudrck Newbie

cloudrck

Posted
Posted

You're most welcome. Thank you for the tone of the response...that's all I need to know. And yes, rookies. Leaving a 3.4.2 generator tag in the WP code, total rookie move.

You've provided no substance to back any of your statements. All you've done is copy and paste what an inaccurate website said in addition to posting statistics of software versions. (rookie move?)

 

Please explain how a tag effects anything.

  • 0
wfitg Newbie

wfitg

Posted
Posted

The OP seems to place 100% faith in 'on-line' web scanners. Many of them don't scan beyond the first page. Plus, their job is to scan for things that they sell. For instance, Sucuri scans every site for a firewall. If it is missing they try to sell it to you. 

To truly discover if a site has an infection or vulnerability use something like 'Fiddler Web debugger'. Fiddler will even decrypt the traffic.

It may be the OP that is the rookie. :)

  • 0
Michael Apprentice

Michael

Posted
Posted

The OP seems to place 100% faith in 'on-line' web scanners. Many of them don't scan beyond the first page. Plus, their job is to scan for things that they sell. For instance, Sucuri scans every site for a firewall. If it is missing they try to sell it to you. 

To truly discover if a site has an infection or vulnerability use something like 'Fiddler Web debugger'. Fiddler will even decrypt the traffic.

It may be the OP that is the rookie. :)

 

Or the op works for WHM** or another competitor.. or even more a Zombie because they like biscuits, isn't that a kiddie name? 

 

You are correct but they are stupid:

 

Sucuri:

 

post-38-0-48755600-1410625007_thumb.png

 

InterWorx:

 

post-38-0-50107000-1410625023_thumb.png

 

Nope we don't have a firewall Sucuri.

  • 0
Nelsa Newbie

Nelsa

Posted
Posted

Thing is I just search and randomly try 3 scaners from first page from google search results and all shows site "clean" status for blesta.com ,seems OP is look hard for site which will show hacked/infected state (only because they are not whitelisted hivelogic e-mail encrypter/decoder).

And main question is why woud some one bored to scan blesta.com in first place which is handled by WP not Blesta?Just to say one thing,at any other competitors forum/blog topic(and user who post it) like this woudn't last even one minute,they delete topics/post and ban users even for postive reviews....damn this just show how profesional and open these guys are.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...