Remote Data pulled out of installations?

Started by nibb, July 02, 2014, 07:59:03 PM

nibb

I did not bother to post this before, but some months ago I noticed something very concerning.

Exactly this:
http://hostbillapp.com/features/2013/#/step-22

That was announced on the hostbill page in terms to promote their software.

Did anyone even bother to check how concerning that is? How would Hostbill know how many invoices all their customers' installations generated? If I remember correctly that slide even promoted how many in terms of $$$ were generated by hostbill installations.

The only way they know or even estimate this data is that each hostbill installation is sending them data from invoice generations and amounts.

I'm not sure about you guys, but sending them private financial data is very concerning, in particular since all the software is encoded, so you would not even be aware if they sneak in a future update for more remote data pulling, like numbers of customers, income, or even server passwords or customer data.

I find it concerning enough that they are pulling any information from your local server remotely or that your install is sending them any data at all. The only data sent should be for license checking, not one single bit more or less.

Enterprisevpssolutions

I'm sure it's an estimated guess with the amount of licenses he has and how long it's been around.
Enterprise Vps Solutions (VPS) - Cloud Solutions, Shared hosting, VPS , and more, Fast Dedicated Servers. Great ssl prices SSL Certs, Follow us on Twitter. Sales Question? Contact us! Send us a Request Tampa , Florida Hivelocity Datacenter

nibb

Quote from: Enterprisevpssolutions on July 02, 2014, 10:32:14 PM
I'm sure it's an estimated guess with the amount of licenses he has and how long it's been around.

That is not possible. You can have an active hostbill installation generating 0 invoices and someone else could be generating 100 invoices per hour. There is no way to even have a rough estimate per softwares installed or sold.

The only way to get an estimate is logging into the installs as admin or a user with the relevant permission or sending the total number of invoices generated to hostbill servers.

Also, if I remember correctly, this was actually promoted on his webpage at the beginning of the years, not in slides, and there he even published how many $$$ installations of hostbill generated; it was something like $$$$ millions generated in invoices by hostbill users. Of course that does not mean anything, you can generate as many invoices as you want and still not get paid, but my concern is how Hostbill accessed his details.

It would be nice to put a packet sniffer on a hostbill install to see exactly what data an installation is sending out to their servers.


Enterprisevpssolutions

Good idea. You should set up a system to track the packets (shouldn't be that hard) and report the findings.

lowprofile

Hmm...

I will sniff the traffic and return...

bmac20

I Agree

I think this software is spying, he's now blocking AU IPs because of Putin's Sanctions Against AU. So don't be surprised if he's collecting your server passwords also....

I'm never using HostBill Again!

nibb

Quote from: bmac20 on August 19, 2014, 08:12:08 PM
I Agree

I think this software is spying, he's now blocking AU IPs because of Putin's Sanctions Against AU. So don't be surprised if he's collecting your server passwords also....

I'm never using HostBill Again!

How in the world did you draw that conclusion? Hostbill is in Poland, not Russia. And if you go that route, actually Russia blocked Poland food imports...

What exactly do you mean by blocking AU IPs? You probably have mis-configured something on your side.

Lawrence

Quote from: bmac20 on August 19, 2014, 08:12:08 PM
I Agree

I think this software is spying, he's now blocking AU IPs because of Putin's Sanctions Against AU. So don't be surprised if he's collecting your server passwords also....

I'm never using HostBill Again!

Kris is not spying. I've already looked at the source. Don't make those accusations without concrete evidence.
Skype: sociallarry | AIM: larry.aim@aim.com | Forum Rules & Information

These forums are hosted by me with no intentions to ever monetize them. These forums are here solely for the benefit of the HostBill community.