I reported THIS VULNERABILITY on 7.27.2007, its now been 6 months later and still no fix!!

Original Thread : http://forum.hostingcontroller.com/topic.asp?TOPIC_ID=4650
Thread Date : 7.27.2007

This was also reported thru the ticket system at support.hostingcontroller.com, unfortunately it was blown off.

6 months HC??? How much more time do you need to fix a security bug?

Change HC defualt port. Change default alias for control panel on sites.


KieranMullen

HC. When can we expect some security fixes?

Sal

Hello HC.

your response is needed. When will you provide security fixes for HC 6.x or should we just abandon our licenses. If you check your database we own 40 HC licenses.

Now if you want us to take our business to your competitors all you have to do is say so. At this point we are very disappointed in the manner you have addressed security,

And please do not tell me to upgrade to 7.0 - we would happily upgrade except that with HC 7 you dont support a truly distributed environemnt for larger ISP's

Now please tell me when you plan to address the security fixes for 6.0.

Sal

quote:

---

Originally posted by gothamweb
[br]Hello HC.

your response is needed. When will you provide security fixes for HC 6.x or should we just abandon our licenses. If you check your database we own 40 HC licenses.

---

I hear ya, we had a few like you but are down to just a small handful, rest were moved to dotnetpanel.

I agree about your issues with HC 7 and the same reason we never upgraded and moved to dotnetpanel. We even asked HC for help in moving to HC 7 but wanted to charge us some crazy amount to migrate to HC 7. Is it posible that HC is not fixing these issues to try and force customers pay and upgrade or lose there data or customers information.

Happy to say the dotnetpanel was the best solution we could find to upgrading our servers and the support team at DNP was happy to help us with our issues.

I wish you the best of luck to you, I know what you are going through and be happy to talk with you more offline, feel free to contact me anytime.

Best Of Luck,

Ps. HC please stop the madness and help your customers!

Interesting, I have just looked at dotnetpanel and will be installing their trial version on a server to see how it works. So far we have been unable to upgrade any servers from 6.1 to HC 7 without HC's intervention. Almost all of the applications included in their "Click and Install" applications pack have security holes and HC says "this is not their problem." I guess the thing that is getting to me the most is HC's attitude regarding these issues and their being part of the problem by not moving to fix security issues when they were 1st notified of them 6 months ago.

quote:

---

I hear ya, we had a few like you but are down to just a small handful, rest were moved to dotnetpanel.

---

Well, we have yet to hear back from HC about the security issues. I am starting to think that they dont understand the severity of the security issue.

In the USA we have a thing called law suits ... and our company doesnt want to be involved on one if a customer is affected.

All new dedicated and colo customers at our company are going on sd now. And we are seriously thinking of moving all our shared to sd too. Looks like HC cant handle security issues and thats a big NO NO in our industry.

We will wait till end of the week, they know how to contact us. They know our email and phone if they want to retain our business but maybe 40 licenses are too little for HC to worry about :)

Sal

Which control panel is SD?

quote:

---

Originally posted by gothamweb
[br]Well, we have yet to hear back from HC about the security issues. I am starting to think that they dont understand the severity of the security issue.

In the USA we have a thing called law suits ... and our company doesnt want to be involved on one if a customer is affected.

All new dedicated and colo customers at our company are going on sd now. And we are seriously thinking of moving all our shared to sd too. Looks like HC cant handle security issues and thats a big NO NO in our industry.

We will wait till end of the week, they know how to contact us. They know our email and phone if they want to retain our business but maybe 40 licenses are too little for HC to worry about :)

Sal

---

hc... what are u thinking about fix???

I didnt write SD ... I think HC replaced H*&^LM with SD in my post

HC I have been using this 7 version from last 8 months so far I have a good experience with your team. But I agree with other fellows who are using old HC version that security related patches should be released ASAP. I know your developers would have already started work on it...so don't be late mike :)

Otherwise these friends will suffer from more pain as switching the control panel is not a piece of cake.

Expecting a good news soon

I hear ya, we had a few like you but are down to just a small handful, rest were moved to dotnetpanel.

I agree about your issues with HC 7 and the same reason we never upgraded and moved to dotnetpanel. We even asked HC for help in moving to HC 7 but wanted to charge us some crazy amount to migrate to HC 7. Is it posible that HC is not fixing these issues to try and force customers pay and upgrade or lose there data or customers information.

Happy to say the dotnetpanel was the best solution we could find to upgrading our servers and the support team at DNP was happy to help us with our issues.

I wish you the best of luck to you, I know what you are going through and be happy to talk with you more offline, feel free to contact me anytime.

Best Of Luck,

Ps. HC please stop the madness and help your customers!


I was using HC long time ago then swtiched to Hspere but we were SUCKED after plsk acquistion. Now I have decided to come back to HC but looking at this thread I have decided to go with HC 7C.

DNpanel is hmmm.... okay, but in my personal opnion they need more time to become a mature panel to compete other giants.

We are releasing security patch for HC6 issues in a week time. Regarding HC7, we are improving it all the time and you will have some new features and integrations in upcoming build. FYI we DON'T charge for upgrade issues but if you want support team to upgrade your servers then you have to pay some extra money as service charges.

________________________
HC Support Team
support@hostingcontroller.com
http://hostingcontroller.com
+1-213-341-1419

I was charged $99 for HC 6 upgrade and for service. No one else was charged for it becuase it was made free. No refund was given. No credis for other services were given.

KieranMullen

quote:

---

Originally posted by kieranmullen
[br]I was charged $99 for HC 6 upgrade and for service. No one else was charged for it becuase it was made free. No refund was given. No credis for other services were given.

KieranMullen

---

Come on man don't you see how important conversation is going in this crucial thread... Don't divert our attension by acting in such a merciless way. If you are worried for just $99 then go and request to hc team directly because I have seen same words from you in couple of other threads . I hope they will do something for you...

By the way how long ago did you pay this amount probably 2-3 years ago... Even kids forget about such small amount of money..grow up ..[:(!]